Factory Default Passwords Put Critical Infrastructure At Risk
Stressing the importance of account password management and changing factory defaults
Recently discovered weaknesses in a widely used router may leave critical infrastructure vulnerable to invasion. With this flaw, a guest or other unprivileged user account could easily obtain the privileges of an administrator account, possibly taking control of switches, applications, and any other industrial controls connected to the device. All of this is possible through a “factory account” with a default password which makers GarrettCom failed to remove or alter before distribution.
An advisory recommendation has been issued by the Industrial Control Systems Cyber Emergency Response Team which urges owners of the devices to install a security patch which permanently locks the troublesome factory account.
Though it appears the Trojan account comes only with these specialized routers, this article reminds us of the need to always review documentation for default passwords and change them. If this is not a standard procedure whenever you deploy new technology (and a standard vulnerability in your drill-down risk assessments!) you are eventually going to be at-risk not because of a patch issue or a user issue, but because of a configuration issue.
Original article by Dan Goodin
Read the full article here.
Leave a comment
Devices like fax machines and copiers are often classified as office supplies and sli Read more
Seven trends impacting Information Security Officers of Small Institutions! Another o Read more
Another awareness poster for YOUR customers (and users). Now that we have our own em Read more
2018 has been the year of the data breach, but how are consumers reacting? An article Read more