A default password is the pre-configured password shipped with a device or application. Because it is printed in the instruction manual and easily found on the internet, it must be changed during the initial setup. If it is not, anyone who knows the default password can log in to the account, which gives an attacker a foothold into almost any corporate network and can lead to a serious breach of confidentiality.

Changing default passwords is one of the most basic yet crucial parts of cyber security, and one that is often overlooked. If a default password that should only be shared internally is exposed externally, attackers can use it directly to execute an attack. We searched for exposed default passwords using the keyword “Default Password” and the title filter on Criminal IP.

[Criminal IP Search 101- How Hackers Find Your Default Password]

How to Search for IP Addresses of Websites with the Keyword Default Password

Searching for “Default Password” on Criminal IP Asset Search returned a total of 221,921 IP addresses, with banners of general login pages, software admin pages and pages of gateway equipment vendors.

“Default Password”

Result when searched "Default Password" on Criminal IP Asset Search

How to Search for Default Passwords Using Title Filter

If you add a title filter and search for “Default Password” title:admin, you can find manual pages whose title contains “admin” and that display default passwords.

“Default Password” title:admin

Result when searched "Default Password" title:admin on Criminal IP Asset Search

If you open one of the IP addresses from the results, you can see that the username and password of an admin account are exposed. The problem is that an attacker may gain complete access to the website before the administrator does, and use it to launch further attacks.

An admin login page that presents a default password

At another IP address, a manual page displaying a username and password is exposed.

An admin manual page that presents a default password

Using the same mechanism, you can use variations of the title filter such as title:system and title:monitoring. The following is a website we found with “Default Password” title:system. The main body of this manual page provides information on the default account.

“Default Password” title:system

A login manual page that presents a default password

In addition, you can find the default password without accessing the actual website, just from its banner. The screenshot below is the banner of a login page with an exposed default password.

You can figure out the default password through IP’s banner

As the previous examples suggest, the problem with default passwords is that they are often displayed on the website itself for initial setup, or are made of easy combinations, so the account can be taken over even with a simple attack. Therefore it is important to change the password promptly and to check regularly whether the manual page is exposed externally.


Source : Criminal IP