Security Portal: Default Passwords and What You Can Do About Them | Linux Today

Security Portal: Default Passwords and What You Can Do About Them

Written By
Web Webster
Web Webster
Jul 28, 2000

“This is a rather large security issue that has been (until
lately) largely ignored and swept under the carpet. Many vendors
have a dirty little secret: they ship software and hardware with
default usernames and passwords, some of which they do not tell
customers about. Once an attacker knows these default settings they
can typically access the software remotely and gain administrative
control. This can be extremely dangerous. Consider an attacker
gaining access over your switch and routing infrastructure and
forwarding traffic from the R&D department to another server.
Alternatively, imagine the attacker taking over your remote access
devices, such as ISDN routers, and then sniffing passwords as users
access the corporate LAN.”

“This is a huge problem because companies buy lots and lots of
hardware and software that they need to deploy quickly. This often
results in minimal configuration effort being made, and the default
passwords are usually left in, due to carelessness, or for the
simple fact that the people installing it don’t know….”

The reason this issue exists is that vendors want to make
products easy to deploy, increase ease of use and decrease support
costs.
When shipping a software or hardware product that has
passwords, the cheapest solution is to simply leave them blank or
set them with a default password. Ideally, vendors would ship each
piece of hardware with a different, hard to guess default password
such as “2i3h2323ddf” and tell the customer what it is. Some
vendors do this, but it is relatively rare. Ideally with hardware,
the vendor should log in to the hardware, generate a random
password and then assign it, and print out the password and ship it
with the product. For software vendors this is a bit more
difficult, as mass producing CD-ROMs is not feasible if every
CD-ROM must be different. In a perfect world, software products
would generate secure random passwords during install and notify
the user. Unfortunately this would also increase support costs and
user aggravation, so as with most security issues, ease of use
beats out security.”

Complete
Story

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.