Vulnerability Development mailing list archives

Re: default password list - round 1.

From: jonathan () LETO NET (Jonathan Leto)
Date: Tue, 4 Jul 2000 15:06:02 -0500


Here are some more:

what                                                    user    pass
----------------------------------------------------------------------
BayStack 350T   HW:RevC  FW:V1.01 SW:V1.2.0.10          n/a     NetICs
BayStack 350T   HW:RevC  FW:V1.01 SW:V2.0.0.15          n/a     NetICs
BayStack 350T-HD HW:RevA  FW:V1.03 SW:V2.0.2.1 (24 port)n/a     NetICs
BayStack 350T    HW:RevC  FW:V1.00 SW:V2.0.2.1 (16 port)n/a     NetICs
3com CoreBuilder 7000/6000/3500/2500                    debug   synnet
3com CoreBuilder 7000/6000/3500/2500                    tech    tech
3com SuperStack II Switch 2200                          debug   synnet
3com SuperStack II Switch 2700                          tech    tech
3com HiPer ARC v4.1.x                                   adm     <blank>
3Com LANplex 2500                                       debug   synnet
3Com LANplex 2500                                       tech    tech
3com CellPlex 7000                                      tech    tech
3com LinkSwitch 2000/2700                               tech    tech
BreezeCOM adapters  4.x (console only)                  n/a     Super
BreezeCOM adapters  3.x (console only)                  n/a     Master
BreezeCOM adapters  2.x (console only)                  n/a     laflaf

snmp
what                                                    community       pass
--------------------------------------------------------------------------------
Osicom Plus T1/Plus 56K                                 write           private

 Roelof Temmingh (roelof () SENSEPOST COM) spewed:

All,

Thanks for all the reponses I received! Many ppl have written to me stating
that they too would want a list like this. Some said that the book "Hacking
Exposed" contain such a list - maybe someone can go through the trouble to
actually put that list online? I have started to compile a list. There are
still many gaps - those are marked with a "?". I am sure the security community
can help fill those gaps - or correct me where I have gone wrong. (Blue Boar -
maybe ask permission for a cross post ?)

The list below will go on the web as soon as I have some more info - hereby the
list so far:

Default password list.
======================

Contributed by:
---------------
Stephen Friedl <friedl () mtndew com>
Sebastian Andersson <bofh () diegeekdie com>
Jonathan Leto <jonathan () leto net>
Mike Blomgren <mike.blomgren () knowit se>
Knud Erik Hjgaard <knud () cybercity dk>
mobileunit () mobileunit org
Roelof Temmingh <roelof () sensepost com>
and others..

OS/type/vendor                          Username        Password
-----------------------------------------------------------------
AT&T 3B2 firmware                       n/a             mcp
"old" Bay routers                       Manager         <blank>
ACC (Ericsson)                          netman          netman
Livingston portmaster3                  !root           <blank>
UClinux for UCsimm                      root            uClinux
3Com Office Connect 5x0 ISDN Routers    n/a             PASSWORD
All Zyxel equipment                     n/a             1234
Netopia 7100                            <blank>         <blank>
Netopia 9500                            netopia         netopia
digiCorp (viper?)                       n/a             BRIDGE or password
AXIS 200/240 netcam                   root            pass
Cayman DSL                              n/a             <blank>
Linksys DSL                             n/a             admin
BRASX/I01 (DataCom)                     n/a             letmein
Speedstream DSL (Efficient)             n/a             admin

Needed
------
Packeteer packetshaper                  ?               ?
Xyplex switches                         ?               ?
Cabletron switches                      ?               ?
DLink hub/switches                      ?               ?
SMC hubs/switches                       ?               ?
Accton hubs/switches                    ?               ?


Regards,
Roelof.

PS: I had a SNMP c.name colum in the list, but there is only one
entry...:(, so I dropped it out for now.

------------------------------------------------------
Roelof W Temmingh             SensePost IT security
roelof () sensepost com               +27 83 448 6996
              http://www.sensepost.com


--
jonathan () leto net
"With pain comes clarity."

Current thread:

Re: default password list, (continued)
- - - Re: default password list Arturo Busleiman (Jul 03)
    - Default passwords Joe Jenkins (Jul 03)
    - Re: Default passwords Ron DuFresne (Jul 03)
    - Re: Default passwords Usman (Jul 03)
    - Re: Default passwords Ex Machina (Jul 03)
    - Re: Default passwords Juan M. Courcoul (Jul 03)
    - Page Joe Jenkins (Jul 03)
    - Re: Default passwords Russ Katz (Jul 03)
    - Re: Default passwords Cold Fire (Jul 03)
    - default password list - round 1. Roelof Temmingh (Jul 04)
    - Re: default password list - round 1. Jonathan Leto (Jul 04)
    - Maximum Linux Security (d/l) Arturo Busleiman (Jul 04)
    - Re: Maximum Linux Security (d/l) Korhan Gurler (Jul 04)
    - RES: Maximum Linux Security (d/l) Guilherme Mesquita (Jul 04)
    - Re: RES: Maximum Linux Security (d/l) Richard Rager (Jul 04)
    - Any Critical Path N-Plex vulnerabilities ? Juan M. Courcoul (Jul 05)
    - default passwords...partII Roelof Temmingh (Jul 04)
    - Re: default passwords...partII Daniel SALAGEAN (Jul 04)
    - Re: default passwords...partII Joe Jenkins (Jul 05)
    - Re: default passwords...partII Daniel SALAGEAN (Jul 05)
    - Re: default passwords...partII CouNT (Jul 06)

(Thread continues...)