Default password
Where a device needs a username and/or password to log in, a default password is usually provided to access the device during its initial setup, or after resetting to factory defaults.
Manufacturers of such equipment typically use a simple password, such as "admin" or "password", on all equipment they ship, expecting users to change the password during configuration. The default username and password are usually found in the instruction manual (common for all devices) or on the device itself.
Default passwords are one of the major contributing factors to large-scale compromises of home routers.[1] Leaving such a password on devices available to the public is a major security risk.[2][3][4][5]
Some devices (such as wireless routers) have unique default usernames and passwords printed on a sticker, which is more secure than a common default password. Some vendors, however, derive the password from the device's MAC address using a known algorithm, in which case the password can also be easily reproduced by attackers.[6]
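The difference between a MAC-derived default and a randomly generated per-device default, seen from the provisioning side, is shown in the following added example (not taken from any vendor or from the cited sources). The derivation scheme, function names and MAC address are constructed for illustration only.

```python
import hashlib
import math
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits  # 36 symbols
LENGTH = 10                                        # sticker password length (assumed)


def _mac_bytes(mac: str) -> bytes:
    """Normalise 'AA:BB:..' or 'aa-bb-..' to the 6 raw MAC bytes."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return raw


def mac_derived_password(mac: str) -> str:
    """Weak (hypothetical) scheme: the password is a pure function of the MAC.

    Hashing does not help: the only input is a value the device itself
    announces on the network, so anyone who knows the algorithm can recompute it.
    """
    digest = hashlib.sha256(_mac_bytes(mac)).digest()
    return "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:LENGTH])


def random_password() -> str:
    """Stronger scheme: drawn from the OS CSPRNG at manufacture time and
    stored only on the device and its sticker; unrelated to the MAC."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))


def effective_bits(scheme: str) -> float:
    """Upper bound on the guessing entropy of each scheme.

    The first 24 bits of a MAC are the vendor's OUI, so at most 24 bits vary
    per device, however long the derived password looks.
    """
    full = LENGTH * math.log2(len(ALPHABET))
    return min(24.0, full) if scheme == "mac" else full


if __name__ == "__main__":
    mac = "00:11:22:AA:BB:CC"  # constructed sample address
    print("MAC-derived :", mac_derived_password(mac), f"(<= {effective_bits('mac'):.0f} bits)")
    print("random      :", random_password(), f"(~ {effective_bits('random'):.1f} bits)")
```
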
Default access
To access an internet-connected device on a network, a user must know its default IP address. Manufacturers typically use 192.168.1.1 or 10.0.0.1 as default router IP addresses. However, some will have variations on this. As with login details, leaving this unchanged can lead to security issues.
References
- Niemietz, Marcus; Schwenk, Joerg (2015). "Owning Your Home Network: Router Security Revisited". arXiv:1506.04112 [cs.CR].
- "The Risk of Default Passwords". Security Laboratory: Methods of Attack Series. SANS. Retrieved June 16, 2015.
- Opaska, Walter P. (1986-09-01). "Closing the VAX Default Password "Backdoor"". EDPACS. 14 (3): 6–9. doi:10.1080/07366988609450370. ISSN 0736-6981.
- Nam, Sungyup; Jeon, Seungho; Kim, Hongkyo; Moon, Jongsub (2020-05-31). "Recurrent GANs Password Cracker For IoT Password Security Enhancement". Sensors. 20 (11): 3106. Bibcode:2020Senso..20.3106N. doi:10.3390/s20113106. PMC 7309056. PMID 32486361.
- Shafiq, Muhammad; Gu, Zhaoquan; Cheikhrouhou, Omar; Alhakami, Wajdi; Hamam, Habib (2022-08-03). Lakshmanna, Kuruva (ed.). "The Rise of "Internet of Things": Review and Open Research Issues Related to Detection and Prevention of IoT-Based Security Attacks". Wireless Communications and Mobile Computing. 2022: 1–12. doi:10.1155/2022/8669348. ISSN 1530-8677.
- "Reversing D-Link's WPS Pin Algorithm". Embedded Device Hacking. 31 October 2014. Retrieved June 16, 2015.