Vulnerability Development mailing list archives

Finding default passwords (fascinating, simple and fun!)

From: deceased1 () HOME COM (Eric Knight)
Date: Tue, 4 Jul 2000 17:06:05 -0600


Vulnerability Developers:

I did a little net surfing to dig up some more default password
configurations.  You could say the security through obscurity is definitely
being challenged here...  How I did it was simple:  just went to Lycos,
searched for "DEFAULT PASSWORD", and these appeared in the best 200 matches.
Many of these appear to come straight from technical support.  I think this
little activity speaks volumes about this type of security.

DIGICORP ROUTERS, default passwords:  password or BRIDGE
http://www.digicorp.co.uk/connectivity/viper/defaultpass.htm

ORBITOR DEFAULT CONSOLE, default passwords:  password or BRIDGE
http://support.develcon.com/kb/i004.htm

CRYSTALVIEW OUTSIDEVIEW 32, default password:  crystal
http://www.crystalpoint.com/webhelp/802hq.htm

CMOS POS Computers, default passwords:  ESSEX or IPC
http://tap.goaustin.com/TnT/POS/cmos.password.html

DATACOM OSICOM, default account/password:  sysadm/sysadm
http://www.datacomltd.com/Support/Osicom/default_password.htm

JETFORM DESIGN, default account/password:  JetForm/(none)
http://www.milestone.no/database/design/7056.htm

APPLE NEWTON NETWORK ADMINISTRATOR TOOLKIT (geez no way!), default password:
xyzzy
http://www.wire.net.au/~czar/InfoAlley/0796/01/newton.html

CPROXY SERVER, default password: asecret
http://www.computalynx.net/softwaresupport/documentation/cp33/38.html

MICROSOFT WINDOWS NT SERVER 3.51 and earlier, account: Administrator
password: "" (blank)
http://support.microsoft.com/support/kb/articles/q153/1/97.asp

WWWADMIN.PL (cool, html default password!), default account/password:
WebAdmin/WebBoard
http://www.gorski.net/scripts/lists/scripts-help/1997/02/msg00504.html

Anyway, just need a little elbow grease and these things just magically
appear.

Take it easy all,

Eric Knight
knight () securityparadigm com

Current thread:

(no subject), (continued)
- - - (no subject) 3APA3A (Jul 06)
    - (no subject) Slawek (Jul 07)
    - Re: apache and 404/404 status codes Shelagh Pepper (Jul 07)
    - Re: apache and 404/404 status codes Mikael Olsson (Jul 07)
    - Re: apache and 404/404 status codes tgs (Jul 07)
    - 3-Com LanPlex 6000 Password Removal Ben Kruger (Jul 07)
    - Re: apache and 404/404 status codes Bluefish (Jul 08)
    - Re: apache and 404/404 status codes Slawek (Jul 08)
    - Re: apache and 404/404 status codes Vincent Zweije (Jul 08)
    - Re: your mail Bluefish (Jul 07)
    - Finding default passwords (fascinating, simple and fun!) Eric Knight (Jul 04)
    - Default passwords using Cisco ConfigMaker Runar Jensen (Jul 05)
    - Re: Default passwords using Cisco ConfigMaker Aidan O'Kelly (Jul 05)
    - Re: Default passwords using Cisco ConfigMaker Runar Jensen (Jul 05)
    - Re: Default passwords using Cisco ConfigMaker Aidan O'Kelly (Jul 05)
    - Re: Default passwords using Cisco ConfigMaker Damir Rajnovic (Jul 05)
    - Re: Default passwords using Cisco ConfigMaker Runar Jensen (Jul 06)
    - Re: Default passwords using Cisco ConfigMaker Damir Rajnovic (Jul 06)
    - Secure IRC Fabio Pietrosanti (Jul 06)
    - Re: Default passwords using Cisco ConfigMaker Gerardo Richarte (Jul 10)
  - Re: default password list Jan-Frode Myklebust (Jul 03)

(Thread continues...)