[120967] in North American Network Operators' Group
RE: Default Passwords for World Wide Packets/Lightning Edge Equipment
daemon@ATHENA.MIT.EDU (George Bonser)
Wed Jan 6 23:07:50 2010
Date: Wed, 6 Jan 2010 20:06:51 -0800
In-Reply-To: <698A9D5B-0CBC-4BE5-AF86-0A373A3697BA@arbor.net>
From: "George Bonser" <gbonser@seven.com>
To: "NANOG list" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> -----Original Message-----
> From: Dobbins, Roland=20
> Sent: Wednesday, January 06, 2010 7:23 PM
> To: NANOG list
> Subject: Re: Default Passwords for World Wide Packets/Lightning Edge
> Equipment
>=20
>=20
> On Jan 7, 2010, at 10:19 AM, Dobbins, Roland wrote:
>=20
> > Which goes to show that they just really don't get it when it comes
> to security. Maybe they should look here at all the entries for
> 'default credentials':
>=20
> Actually, should be 'default password'.
>=20
One of the problems I have seen is an organization where someone uses
something stupid just to get something up and running (say a password of
"password" or "foo" or something) with every intention of coming back to
fix it later but forgets to. That is what I meant yesterday about an
organizational "default" password that can be just as bad as the
manufacturers default.
At least with some manufacturers you can log in from the console with
the factory "default" password but can't log in over the network unless
you have set one.=20