Tuesday, June 25, 2013

US-CERT Alert (TA13-175A) Risks of Default Passwords on the Internet.

Systems Affected

Any system using password authentication accessible from the internet may be affected. Critical infrastructure and other important embedded systems, appliances, and devices are of particular concern.

Overview

Attackers can easily identify and access internet-connected systems that use shared default passwords. It is imperative to change default manufacturer passwords and restrict network access to critical and important systems.

Description

What Are Default Passwords?

Factory default software configurations for embedded systems, devices, and appliances often include simple, publicly documented passwords. These systems usually do not provide a full operating system interface for user management, and the default passwords are typically identical (shared) among all systems from a vendor or within product lines. Default passwords are intended for initial testing, installation, and configuration operations, and many vendors recommend changing the default password before deploying the system in a production environment.

What Is the Risk?

Attackers can easily obtain default passwords and identify internet-connected target systems. Passwords can be found in product documentation and compiled lists available on the internet. It is possible to identify exposed systems using search engines like Shodan, and it is feasible to scan the entire IPv4 internet, as demonstrated by such research as
Attempting to log in with blank, default, and common passwords is a widely used attack technique.
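The two mitigations the alert names (change the shared factory password, restrict network access to the management interface) can be checked against a device inventory. The following is an added example, not part of the US-CERT alert; the vendor names, default-credential table and inventory records are all constructed sample data.

```python
"""Audit a device inventory for shared factory-default or blank credentials,
weighted by whether the management interface is reachable from the internet."""
from dataclasses import dataclass

# Constructed table: (vendor, product line) -> shared factory defaults.
# Placeholders only; real defaults are documented per vendor and product line.
FACTORY_DEFAULTS = {
    ("ExampleVendor", "router"): [("admin", "admin"), ("admin", "")],
    ("ExampleVendor", "camera"): [("root", "root")],
    ("OtherVendor", "plc"): [("operator", "operator")],
}

@dataclass
class Device:
    name: str
    vendor: str
    product_line: str
    username: str
    password: str
    mgmt_reachable_from_internet: bool

def uses_default_credentials(dev):
    """True if the device still uses a blank password or a shared factory default."""
    if dev.password == "":
        return True
    defaults = FACTORY_DEFAULTS.get((dev.vendor, dev.product_line), [])
    return (dev.username, dev.password) in defaults

def audit(devices):
    """Return (name, severity, reason) findings for devices that need attention."""
    findings = []
    for dev in devices:
        default = uses_default_credentials(dev)
        if default and dev.mgmt_reachable_from_internet:
            findings.append((dev.name, "critical", "default/blank password on an internet-reachable interface"))
        elif default:
            findings.append((dev.name, "high", "default/blank password; change it before any exposure"))
        elif dev.mgmt_reachable_from_internet:
            findings.append((dev.name, "medium", "management interface reachable from the internet"))
    return findings

# Constructed sample inventory.
SAMPLE_INVENTORY = [
    Device("edge-router-1", "ExampleVendor", "router", "admin", "admin", True),
    Device("lobby-cam", "ExampleVendor", "camera", "root", "Xk9!pq-Long", True),
    Device("plc-line-3", "OtherVendor", "plc", "operator", "operator", False),
    Device("core-switch", "OtherVendor", "switch", "netops", "", False),
]

if __name__ == "__main__":
    for name, severity, reason in audit(SAMPLE_INVENTORY):
        print(f"{severity.upper():8} {name}: {reason}")
```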
