The Danger of Default Passwords

"51% of businesses don't have a process in place to change the default passwords on their IoT devices"
IoT Security Report, RSA Conference 2017 Survey

"63% of data breaches made use of a weak, default, or stolen password"
2016 Verizon Data Breach Investigations Report

Does your organization use default credentials for devices connected to your network? Default credentials refer to login and password combinations such as ‘admin/admin’ – set by the manufacturers of switches, routers, and IoT devices like entry systems, security cameras etc.

Manufacturers’ default passwords for systems, devices and appliances are often simple, shared between a vendor’s systems/product lines, and publicly available in product documentation and on the internet. Intended for initial testing, installation and configuration, vendors recommend changing the default password before using the device or system in your business environment.

When not changed, default credentials make an organization more vulnerable to potential cyberattacks. Attackers can easily obtain these standard login details, allowing them access to the devices on your network – usually with admin rights – and leaving them open to takeover.

Mirai is an example of headline making malware that has exploited this vulnerability. It turns network devices running on Linux into remotely controlled bots that are used to carry out large-scale botnet attacks. In addition, Proof-of-Concept (POC) worms specifically created to exploit default usernames and passwords include Voyager Alpha Force, Zotob and MySpooler.

While some manufacturers use unique default passwords or design systems that require password changes the first time the default password is used, this is not the norm. Implementing a process to change default credentials at the outset is therefore a basic aspect of managing your organization’s vulnerabilities.

CYBONET’s Cybowall solution can help you to assess and act on the risks posed by default credentials. Cybowall identifies all endpoints that have web-based user sign-ins, and flags those still using vendor provided passwords – so that your organization can act quickly to secure access.

Beyond ensuring that default passwords are not being used, Cybowall takes a proactive stance to identify ‘common passwords’ used on these same endpoints – since changing your default password to an insecure, common password is no better. According to recent research based on 10 million passwords from data breaches that took place in 2016, 17% of people are protecting their accounts with ‘123456’. Cybowall tests for weak and commonly used passwords such as ‘password123’ and ‘123456’ to call attention to endpoints that are particularly vulnerable to attack.

To learn more about our Cybowall solution for Breach Detection, Network Visibility and Vulnerability Management, click here or contact info@cybonet.com