I'm currently designing a system that requires an admin to log in using a password. For certain reasons, it is difficult to set this password during installation, but it can be changed later.
My idea is this: If I leave the default password empty, it is so horridly insecure that every admin is going to fix this as soon as possible. If I were to use some kind of predefined password instead, admins may think "ah.. nobody would think I've got 'defaultpassword' as my password so it's not very important to change."
So the basic thought is to make it so terrible that even the most lazy people are going to do something about it.
Edit: In my case, it is impossible to have the password changed on first login. It has to be manually edited in an XML file. It's a bad environment, but it's difficult to change, that's why I'm asking. I'd love to have a solution like for instance Windows does.
Edit: I never touched this topic, so I was not familiar with the related issues. I proposed such a crazy idea! I see I still have to learn a lot. I'll leave this open for a while, then accept the most voted answer. Thanks for the insight!
Default passwords are one of the major contributing factors to large-scale security compromises. Attackers can easily identify and access internet-connected devices that use shared default passwords. It is imperative to change default manufacturer passwords and restrict network access to critical and important systems.
A default password is a standard pre-configured password for a device. Such passwords are the default configuration for many devices and, if unchanged, present a serious security risk. Typical examples of default passwords include admin, password and guest.
The use of default accounts and passwords is common and dangerous. The initial stages of most attacks involve the enumeration of legitimate system and user identities, a process that is necessary to determine vulnerabilities so that an exploit can be attempted (see Chapter 6, “Vulnerability and Risk Assessment”).
Our study shows that default passwords are still a significant problem: 61% of applications inspected initially used a default or blank password. When changing the password, 58% allowed a blank password, 35% allowed a weak password of 1 character.
I would never advise setting a default password to be empty, especially for an administrator.
As another solution along the same lines, create a generated high-entropy, cryptic first-time password (my example is nowhere near cryptic, but it's an example) so your user will think:
"Wow, f45zaH67 is something I'll never remember, let me go ahead and change that"
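One way to put this advice into practice when the credential lives in an XML file, as the question describes, shown here as an added example rather than code from the answer or the questioner's system: the first-time password comes from a cryptographically secure source, the file stores only a salted hash plus a must-change flag, and login refuses a blank password outright. The element and attribute names are assumptions, not the questioner's actual format.

```python
import hashlib
import secrets
import xml.etree.ElementTree as ET

# Constructed parameters; the real system's XML layout and KDF settings are not given.
PBKDF2_ITERATIONS = 600_000
# Ambiguous glyphs (0/O, 1/l/I) are left out; ~5.8 bits per character, so 16
# characters give roughly 93 bits of entropy.
ALPHABET = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"


def generate_initial_password(length=16):
    """First-time password drawn from the OS CSPRNG, not from a fixed default."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Salted PBKDF2-HMAC-SHA256; a fresh 16-byte salt is generated when none is given."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt.hex(), digest.hex()


def build_admin_config(password, must_change=True):
    """Return the XML text of an <admin> record holding only the hash, never the plaintext."""
    salt, digest = hash_password(password)
    root = ET.Element("config")
    admin = ET.SubElement(root, "admin")
    admin.set("salt", salt)
    admin.set("hash", digest)
    admin.set("iterations", str(PBKDF2_ITERATIONS))
    admin.set("mustChange", "true" if must_change else "false")
    return ET.tostring(root, encoding="unicode")


def authenticate(xml_text, candidate):
    """Return 'rejected', 'change_required' or 'ok' for a candidate password."""
    if not candidate:
        return "rejected"  # a blank password never authenticates, even if it were stored
    admin = ET.fromstring(xml_text).find("admin")
    salt = bytes.fromhex(admin.get("salt"))
    iterations = int(admin.get("iterations"))
    _, digest = hash_password(candidate, salt, iterations)
    if not secrets.compare_digest(digest, admin.get("hash")):
        return "rejected"
    # The generated first-time password works exactly once before a change is forced.
    return "change_required" if admin.get("mustChange") == "true" else "ok"
```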
Microsoft used a blank default password for the administrative account "sa" in SQL Server. The "sa" account has complete control over the database and can access cmd.exe using xp_cmdshell(). You can log in to the database over port 1433. Worms spread by using the sa account with a blank password; over the years many databases were hacked. Finally Microsoft addressed the issue by forcing the user to set a password on install.
Never have a default password (especially if it allows remote code execution)