Default Password Database

[deceased1 () HOME COM (Eric Knight)]

To all interested parties:

In the last week the VULN-DEV people made considerable progress toward the
collection of "default passwords".  A default password is a password that
has been left unchanged since installation, created by some automatic script
or left in demonstration software, or set to be a certain way by a
consulting company that prefers that things are done "by the book".
Although these do not represent a "new vulnerability", they are an updated
resource of a highly effective old penetration technique and should
interesting to BUGTRAQ readers.

Attached to this message is the CSV spreadsheet (comma separated, in ASCII
format) of the nearly 800 default passwords submitted to VULN-DEV over the
last week.  It can be loaded into just about any popular database or
spreadsheet. This list is one of several independently created lists that
has surfaced on VULN-DEV, but is a merger of all the lists presented.  A web
page is being created to host links to all of the databases, but has not
been finished as of this post.

Special recognition goes to Roelof Temmingh for starting the discussion and
his collection efforts, to the VULN-DEV experts that contributed, to Blue
Boar for moderating VULN-DEV, and to Security Focus for hosting these
discussion forums.

Eric Knight

<HR NOSHADE>
<UL>
<LI>application/octet-stream attachment: dad.csv
</UL>