About Us | Contact Us
View Cart

Factory Default Passwords Put Critical Infrastructure At Risk

By Vigilize | Thursday, September 6, 2012 - Leave a Comment

Stressing the importance of account password management and changing factory defaults

Recently discovered weaknesses in a widely used router may leave critical infrastructure vulnerable to invasion. With this flaw, a guest or other unprivileged user account could easily obtain the privileges of an administrator account, possibly taking control of switches, applications, and any other industrial controls connected to the device. All of this is possible through a “factory account” with a default password which makers GarrettCom failed to remove or alter before distribution.

An advisory recommendation has been issued by the Industrial Control Systems Cyber Emergency Response Team which urges owners of the devices to install a security patch which permanently locks the troublesome factory account.

Though it appears the Trojan account comes only with these specialized routers, this article reminds us of the need to always review documentation for default passwords and change them. If this is not a standard procedure whenever you deploy new technology (and a standard vulnerability in your drill-down risk assessments!) you are eventually going to be at-risk not because of a patch issue or a user issue, but because of a configuration issue.


Original article by Dan Goodin
Read the full article here.

Latest News
    Ransomware payments sent to countries under sanctions could result in fines… An article review. Whether or not to pay the organization behind a ransomware attack has been a hotly debated subject for many years, but a new advisory issued by the Treasury Department’s Office of Foreign Assets Control (OFAC) warns those who do pay up […]
    Welcome Webinar Attendees! You can download the deliverables by clicking on the link below. Boilerplates/Handouts Click here to download files.        
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around your office. Data by Rob Sobers, writing […]
    Thanks for being interested in our Technology Planning Webinars! This year‘s annual webinar on the subject will include a review of the previous years’ movies that are already available, and a discussion about alternative tactics that have arisen from recent virtual conferences and regulator panels. It’s not too late to register for the 2020 Technology […]
    Check out the Sponsor Video! We will be updating the video on YouTube in the coming days, but will include the credits so everyone is recognized for all their hard work. Like our Facebook, Twitter, and Subscribe on YouTube for further updates! Credits Producer: Bryan Bonnell “K0s$” Director: Sara Fultz Editor: Sofia Tafoya Wardrobe: Our […]