Where a device needs a username and/or password to log in, a default password is usually provided to access the device during its initial setup, or after resetting to factory defaults. Manufacturers of such equipment typically use a simple password, such as "admin" or "password", on all equipment they ship, expecting users to change the password during configuration. The default username and password are usually found in the instruction manual (common for all devices) or on the device itself.

Default passwords are one of the major contributing factors to large-scale compromises of home routers. Leaving such a password on devices available to the public is a major security risk. There are several proof-of-concept (POC) worms, as well as real-world worms running across the Internet, which are configured to search for systems set with a default username and password. Voyager Alpha Force, Zotob, and MySpooler are a few examples of POC malware which scan the Internet for specific devices and try to log in using the default credentials. In the real world, many forms of malware, such as Mirai, have used this vulnerability. Once devices have been compromised by exploiting the default credential vulnerability, they can themselves be used for various harmful purposes, such as carrying out distributed denial-of-service (DDoS) attacks. In one particular incident, a hacker was able to gain access and control of a large number of networks including those of University of Maryland, Baltimore County, Imagination, Capital Market Strategies L, by leveraging the fact that they were using the default credentials for their NetGear switch.

Some devices (such as wireless routers) will have unique default router usernames and passwords printed on a sticker, which is more secure than a common default password. Some vendors will however derive the password from the device's MAC address using a known algorithm, in which case the password can also be easily reproduced by attackers. ("Reversing D-Link's WPS Pin Algorithm", Embedded Device Hacking, 31 October 2014, http://www.devttys0.com/2014/10/reversing-d-links-wps-pin-algorithm/, accessed June 16, 2015)
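The difference between a sticker password derived from the MAC address and one drawn from a random source can be checked at provisioning time. The following is an added example, not code from the article or from any vendor: the derivation in `mac_derived_password` is a hypothetical stand-in for "a known algorithm", and the batch records are constructed.

```python
import hashlib
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits


def mac_derived_password(mac: str, length: int = 10) -> str:
    """Hypothetical weak scheme: the password is a pure function of the MAC."""
    normalized = mac.lower().replace(":", "")
    digest = hashlib.sha256(normalized.encode()).digest()
    return "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:length])


def random_password(length: int = 16) -> str:
    """Per-device secret from the OS CSPRNG, unrelated to any identifier."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def reproducible_from_mac(mac: str, password: str) -> bool:
    """True if the password can be recomputed from the MAC alone."""
    candidate = mac_derived_password(mac, len(password))
    return secrets.compare_digest(candidate, password)


def audit_batch(records):
    """Return the MACs whose sticker password fails the audit."""
    return [mac for mac, pw in records if reproducible_from_mac(mac, pw)]


# Constructed provisioning batch (MACs from the RFC 7042 documentation range).
BATCH = [
    ("00:00:5E:00:53:01", mac_derived_password("00:00:5E:00:53:01")),
    ("00:00:5E:00:53:02", random_password()),
    ("00:00:5E:00:53:03", mac_derived_password("00:00:5E:00:53:03")),
]

if __name__ == "__main__":
    for mac in audit_batch(BATCH):
        print(f"{mac}: sticker password is derivable from the MAC")
```

A unique-looking sticker password only counts as unique per device if it passes this kind of check against every derivation the manufacturer has ever used.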


See also

* Backdoor (computing)
* Internet of things
* Cyber-security regulation

