A default password is the password preconfigured on a device or piece of software. Because default passwords are printed in instruction manuals and are easily found on the internet, they must be changed during initial setup. A default password that is left unchanged is a significant security weakness: anyone who knows it can log straight in to the account. Unchanged defaults are an attack vector into nearly every corporate network and raise the risk of intrusion and credential-cracking attacks, up to and including a serious breach of confidentiality.

Changing default passwords is one of the most fundamental aspects of cybersecurity, yet it is often overlooked. If a default password, which should only ever be shared internally, is exposed externally, attackers can use it to log in and carry out an attack. We used the keyword “Default Password” together with the title filter on Criminal IP to search for exposed default passwords.

[Criminal IP Search 101- How Hackers Find Your Default Password]

How to Search for IP Addresses of Websites With the Keyword Default Password

When we searched “Default Password” on Criminal IP Asset Search, we found a total of 221,921 IP addresses, with banners from websites such as general login pages, software admin pages, and gateway equipment suppliers’ pages.

“Default Password”

Result when searching “Default Password” on Criminal IP Asset Search

How to Search for Default Passwords Using Title Filter

If you add a title filter and search for “Default Password” title:admin, you can find manual pages and admin login pages that display default passwords.

“Default Password” title:admin

Result when searching “Default Password” title:admin on Criminal IP Asset Search

If you open one of the IP addresses returned, you can see that the username and password of an admin account are exposed. The danger is that an attacker may log in before the administrator has changed the password, gain complete control of the website, and use it to launch further attacks.

An admin login page that presents the default password

On another IP address, an exposed manual page displays both the username and the password.

An admin manual page that presents the default password

Using the same mechanism, you can use variations of the title filter such as title:system and title:monitoring. The following is a website we found using “Default Password” title:system; the body of the manual page gives the details of the default account.

“Default Password” title:system

A login manual page that presents the default password

You can also identify a default password without visiting the website at all, because the string sometimes appears in the banner itself. The screenshot below shows the banner of a login page with an exposed default password.

You can figure out the default password through IP’s banner
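The searches above (a keyword over the whole banner, optionally narrowed with a title filter) can be reproduced locally over banners you have collected from your own address space, which is how you would check for this exposure without relying on a third-party search engine. The following is an added example written for this article, not Criminal IP's own code or API; the banners are constructed samples on RFC 5737 documentation addresses, and the credential-extraction patterns are a deliberately narrow assumption (labelled "Username:"/"Password:" pairs and "default password is/:" phrases), not a complete parser for every manual page.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample banners (RFC 5737 documentation addresses, not real hosts).
# Each value is the raw HTTP response text a scanner stores as the "banner".
SAMPLE_BANNERS: Dict[str, str] = {
    "192.0.2.10": (
        "HTTP/1.1 200 OK\r\nServer: lighttpd/1.4\r\nContent-Type: text/html\r\n\r\n"
        "<html><head><title>Admin Login</title></head><body>"
        "<p>Default Password</p><p>Username: admin<br>Password: admin</p>"
        "</body></html>"
    ),
    "192.0.2.20": (
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
        "<html><head><title>System Monitoring Console</title></head><body>"
        "<p>Log in with the default account. The default username is operator "
        "and the default password is Passw0rd! for the first login.</p>"
        "</body></html>"
    ),
    "192.0.2.30": (
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
        "<html><head><title>Router Gateway</title></head><body>"
        "<p>Please change the default password after the first login.</p>"
        "</body></html>"
    ),
    "192.0.2.40": (
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
        "<html><head><title>Welcome</title></head><body><p>Nothing here.</p></body></html>"
    ),
    # Exposure in the banner alone: no HTML body, the auth realm leaks the password.
    "192.0.2.50": (
        "HTTP/1.1 401 Unauthorized\r\n"
        'WWW-Authenticate: Basic realm="NAS admin (default password: admin)"\r\n\r\n'
    ),
}

TITLE_RE = re.compile(r"<title[^>]*>(.*?)</title>", re.I | re.S)
# Assumed credential phrasings: "Username: x", "login = x", "username is x", ...
USER_RE = re.compile(
    r"\b(?:user\s*name|user|login|account)\s*(?:is\b|[:=])\s*['\"]?([A-Za-z0-9_.@-]+)", re.I
)
PASS_RE = re.compile(
    r"\bpass(?:word)?\s*(?:is\b|[:=])\s*['\"]?([A-Za-z0-9_.@!#$%^&*-]+)", re.I
)


def extract_title(banner: str) -> Optional[str]:
    """Return the <title> text of a banner, or None when there is no title tag."""
    m = TITLE_RE.search(banner)
    return " ".join(m.group(1).split()) if m else None


def find_default_credentials(banner: str) -> Optional[Tuple[Optional[str], Optional[str]]]:
    """Extract a (username, password) pair stated in the banner or page body.

    Either element may be None (a page that prints only the password still
    counts as exposure); returns None when no credential value is stated at all.
    """
    user = USER_RE.search(banner)
    pwd = PASS_RE.search(banner)
    if not user and not pwd:
        return None
    return (user.group(1) if user else None, pwd.group(1) if pwd else None)


def search(banners: Dict[str, str], keyword: str, title: Optional[str] = None) -> List[dict]:
    """Emulate a `"keyword" title:value` asset search over stored banners.

    The keyword is matched case-insensitively anywhere in the raw banner,
    headers included; the optional title filter is matched only against the
    <title> text, so banners without a title never satisfy it.
    """
    hits = []
    for ip in sorted(banners):
        banner = banners[ip]
        if keyword.lower() not in banner.lower():
            continue
        page_title = extract_title(banner)
        if title is not None and (page_title is None or title.lower() not in page_title.lower()):
            continue
        hits.append({"ip": ip, "title": page_title, "credentials": find_default_credentials(banner)})
    return hits


def exposed_hosts(banners: Dict[str, str], keyword: str = "Default Password") -> List[str]:
    """IPs whose banner mentions the keyword AND states a credential value."""
    return [h["ip"] for h in search(banners, keyword) if h["credentials"] is not None]


if __name__ == "__main__":
    for title_filter in (None, "admin", "system", "monitoring"):
        print('"Default Password"' + (f" title:{title_filter}" if title_filter else ""))
        for hit in search(SAMPLE_BANNERS, "Default Password", title_filter):
            print(f"  {hit['ip']:<12} title={hit['title']!r} credentials={hit['credentials']}")
    print("hosts to fix first:", exposed_hosts(SAMPLE_BANNERS))
```

The keyword-only query returns every banner that merely mentions the phrase, including the router page that only tells the user to change the password; `exposed_hosts` narrows that to banners where a credential value is actually printed, which is the list to act on first. The 401 banner shows why the body is not the only place to look: the realm string alone is enough to leak the password, and a title filter would never surface it.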

As these examples show, the weakness of default passwords is that they are easy to guess and are often printed on the login page, manual page, or banner itself during initial setup, so the account falls to even the simplest attack. Change the default password immediately after installation, and regularly check whether any manual or login pages that reveal credentials are exposed externally.

Source: Criminal IP