Saturday, November 1, 2008

Default Login and Password

This is the problem that will not go away. I was in a discussion with a Security Engineer from a major vendor who happens to be the number one vendor in their space. He informed me that I could not change the password on a security appliance and to leave it at default.

So the hacker in me quickly thought that if I did a banner grab for this vendor's appliance across an enterprise I could compromise this device wherever it existed. This appliance is highly deployed, so it is a bit scary to me. The fact that it came from a major "security vendor" was even worse.

This is Security 101 here :(

The reason he said that you couldn't change the password was, "It's an appliance!". I'm like, "Okay????".

This goes to all vendors, administrators, and security professionals.


Sorry for shouting. :)

