-----Original Message----- From: Dobbins, Roland Sent: Wednesday, January 06, 2010 7:23 PM To: NANOG list Subject: Re: Default Passwords for World Wide Packets/Lightning Edge Equipment
On Jan 7, 2010, at 10:19 AM, Dobbins, Roland wrote:
Which goes to show that they just really don't get it when it comes to security. Maybe they should look here at all the entries for 'default credentials':
Actually, should be 'default password'.
One of the problems I have seen is an organization where someone uses something stupid just to get something up and running (say a password of "password" or "foo" or something) with every intention of coming back to fix it later but forgets to. That is what I meant yesterday about an organizational "default" password that can be just as bad as the manufacturers default. At least with some manufacturers you can log in from the console with the factory "default" password but can't log in over the network unless you have set one.