Factory Default Passwords Put Critical Infrastructure At Risk
Stressing the importance of account password management and changing factory defaults
Recently discovered weaknesses in a widely used router may leave critical infrastructure vulnerable to invasion. With this flaw, a guest or other unprivileged user account could easily obtain the privileges of an administrator account, possibly taking control of switches, applications, and any other industrial controls connected to the device. All of this is possible through a “factory account” with a default password which makers GarrettCom failed to remove or alter before distribution.
An advisory recommendation has been issued by the Industrial Control Systems Cyber Emergency Response Team which urges owners of the devices to install a security patch which permanently locks the troublesome factory account.
Though it appears the Trojan account comes only with these specialized routers, this article reminds us of the need to always review documentation for default passwords and change them. If this is not a standard procedure whenever you deploy new technology (and a standard vulnerability in your drill-down risk assessments!) you are eventually going to be at-risk not because of a patch issue or a user issue, but because of a configuration issue.
Original article by Dan Goodin
Read the full article here.
Leave a comment
Another awareness poster for YOUR customers (and users). Now that we have our own em Read more
We’re pretty proud of Dan’s predictive prowess and can’t resist taking another look a Read more
Great Resources For User Awareness An article review. We at infotex take great pride Read more
As the cryptocurrency gains users, some financial organizations are cracking down. An Read more