Researchers name and shame default password offenders

Companies that have default passwords for equipment and software are being called out by researchers. And the list of offenders has some big names on it. 

A GitHub post by Russian researchers includes a variety of industrial systems that have default passwords. The researchers are taking a “name and shame” approach, urging companies that engage in this risky practice to change their procedures.

Big names

And the companies that made the list aren’t exactly fly-by-night operations. The list includes giants like Emerson, Samsung and IBM. And products that shipped with these default passwords include servers, web appliances and more.

The passwords themselves would be amusing, if it weren’t such a serious problem. Some of the credentials include:

  • root:root
  • admin
  • 123356
  • 0
  • !admin, and
  • password.

Those wouldn’t fly with any security pro, yet they’re the passwords that automatically come with the devices.

Change defaults now

Most IT pros don’t really need a reminder, but here it is anyway: If you have any products that shipped with a default password, go ahead and change it right now.

And to be sure that you don’t unwittingly have a vulnerable password still on a device:

  • Make it part of set-up. Include a checklist when setting up equipment that has an item for changing default passwords. Having someone put their name to the step will ensure it doesn’t get forgotten.
  • Require regular password changes. That way, if one does slip by you, it’ll be changed sooner rather than later, and
  • Check the list. This list is by no means comprehensive, but it’s a good place to start when looking for potentially compromised devices.
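
One way to automate the three checks above, as an added example that is not from the article or the researchers' GitHub post. It assumes an inventory that records a salted PBKDF2 hash, the last password change date and the checklist sign-off for each device; the device names, record format and 90-day window are constructed for illustration.

```python
import hashlib
import hmac
from datetime import date

# Password values quoted in the article ("root:root" contributes "root").
DEFAULTS = ["root", "admin", "123356", "0", "!admin", "password"]
MAX_AGE_DAYS = 90  # assumed rotation policy, not stated in the article

def pw_hash(password: str, salt_hex: str) -> str:
    """Salted PBKDF2-HMAC-SHA256 digest (assumed storage format).
    The iteration count is kept low so the demo runs quickly."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), 1000
    ).hex()

# Constructed sample inventory: hashes only, no plaintext passwords stored.
INVENTORY = [
    {"device": "plc-01", "salt": "a1b2c3d4", "hash": pw_hash("admin", "a1b2c3d4"),
     "changed": "2024-01-10", "signed_by": ""},
    {"device": "web-gw", "salt": "0f0e0d0c", "hash": pw_hash("T7#kq!v9Lm2x", "0f0e0d0c"),
     "changed": "2023-02-01", "signed_by": "jdoe"},
    {"device": "srv-db", "salt": "deadbeef", "hash": pw_hash("c0rrect-Horse-42", "deadbeef"),
     "changed": "2024-05-20", "signed_by": "asmith"},
]

def audit(inventory, today):
    """Return {device: [issues]} for every record that fails a check."""
    findings = {}
    for rec in inventory:
        issues = []
        # Check 1: someone put their name to the "change default password" step.
        if not rec["signed_by"].strip():
            issues.append("setup checklist step not signed off")
        # Check 2: the password was changed within the rotation window.
        age = (today - date.fromisoformat(rec["changed"])).days
        if age > MAX_AGE_DAYS:
            issues.append(f"password is {age} days old")
        # Check 3: hash each known default with this record's salt and compare.
        if any(hmac.compare_digest(pw_hash(d, rec["salt"]), rec["hash"])
               for d in DEFAULTS):
            issues.append("password matches a known default")
        if issues:
            findings[rec["device"]] = issues
    return findings

if __name__ == "__main__":
    for device, issues in audit(INVENTORY, date(2024, 6, 1)).items():
        print(f"{device}: {'; '.join(issues)}")
```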
