KeePass Exploit Unveiled: Retrieving Master Passwords in Clear Text

Risk of using Default User Names and Passwords

It is estimated that by 2021 there will be over 46 billion connected devices… That’s a lot of connections. This includes everything from cellphones, coffee makers, washing machines, headphones, lamps, wearable devices and almost anything else you can think of. Default passwords are one of the major contributing factors to large-scale security compromises. Attackers can easily identify and access internet-connected devices that use shared default passwords.

It is imperative to change default manufacturer passwords and restrict network access to critical and important systems. When a device needs a username and/or password to log in, a default user name and password is usually provided that allows access during its initial setup. If you need to reset the device to factory defaults the default user name and password will again be needed to access the device.

Often manufacturers use a simple default user name and password, such as admin or password on all devices they ship, in the expectation that users will change the password during the initial setup and configuration. The default username and password is easily found in the instruction manual or by doing a simple web search.

Some devices will come with unique default passwords printed on a sticker, which is a more secure option than a common default password. Some vendors will however derive the password from the device’s MAC address using a known algorithm, in which case the password can be also easily reproduced by attackers.

What risks are you exposed to by not changing the default user name and password on your devices? Just to name a few: In 2014, a website made 73,011 security cameras from 256 different countries available for viewing online, all by hacking the cameras’ default usernames and passwords. In 2015, a four-week spam campaign sent an email to a number of organizations that contained a link designed to hack the router equipment by using default user and password information.

To ensure you are protected from these vulnerabilities you need to ensure your devices are not using default user names or passwords. Refer to the manual that came with your device or visit the manufacturer’s support website for instructions to change this information.

Beringer Technology Group is always here to provide expert knowledge on topics like these. Please contact us with any questions you may have.

[code-snippet name=”blog”]