Default Credential vulnerability
A Default Credential vulnerability is a type of vulnerability that is most commonly found to affect the devices like modems, routers, digital cameras, and other devices having some pre-set (default) administrative credentials to access all configuration settings. The vendor or manufacturer of such devices uses a single pre-defined set of admin credentials to access the device configurations, and any potential hacker can misuse this fact to hack such devices, if those credentials are not changed by the consumers.[1]
Examples
There are several Proof-of-Concept (POC), as well as real world worms running across internet, which are configured to search for systems set with a default username and password. Voyager Alpha Force, Zotob, MySpooler are few examples of POC malware which scans the Internet for specific devices, and try to login using the default credentials.[1]
In real world, many new malware, including Mirai have been using this vulnerability, and then using the compromised devices for carrying out Distributed Denial of Service (DDoS) attacks. In one particular incident, hacker was able to gain access and control of large number of networks including University of Maryland, Baltimore County, Imagination, Capital Market Strategies L, by leveraging the fact that they were using the default credentials for their NetGear switch.[2]
References
- "The Risk of Default Passwords". Sans Security Laboratory. SANS Technology Institute. Retrieved 3 June 2017.
- "If your router is still using the default password, change it now!". IT World. IDG Communications, Inc. Retrieved 3 June 2017.