The Dangers of Default Passwords: Why Changing Default Settings is Crucial.
- MARCH 19TH, 2025
- 2min read
Introduction
Default passwords are standard, known userid/password pairs that are preinstalled into an
operating system, database or software intended for initial testing, installation, and
configuration operations, and it is best practice to change the default password before deploying
the system in a production environment. This is because default passwords are easily exploited
by attackers as they can be easily obtained in product documentation and compiled lists
available on the internet.
In 2024, The SolarWinds Web Help Desk (WHD) software was affected
by a hardcoded credential
vulnerability
Affected Products
Here is a list of systems, devices or products that commonly use default passwords:
- Routers, access points, switches, firewalls, and other network equipment.
- Databases and management systems, including IDMS, Oracle, and Microsoft SQL.
- Web applications and Administrative web interface.
- Industrial Control Systems (ICS) systems.
- Other embedded systems and devices
- Remote terminal interfaces like Telnet and SSH
Best Practices
-
Change Password:
Change default passwords before deploying the system on a
network with internet access. Use a sufficiently strong and unique password. -
Apply Updates:
Turn on automatic updates for your programs and devices to ensure
the latest security patches are applied. -
Restrict Network Access:(MFA):
Restrict network access to trusted hosts and networks and
only allow internet access to required network services. -
Scan and Monitor:
Scan your environment regularly to ensure no systems on your
network are using default passwords. -
Authentication Mechanisms:
Wherever possible, add an extra layer of security using
authentication mechanisms like Multifactor authentication, Kerberos, x.509
certificates, public keys, etc.
By adhering to these best practices of default passwords, organisations can reduce the risk
of unauthorised access and data breaches.
Explore more CIL Advisories
Review Bombing Attacks and Extortion
IntroductionMalicious actors use "review-bombing", a coordinated flood of fake, one-star reviews as an initial step for extortion. This high volume…
NOVEMBER 26TH, 2025
Read More
Synthetic Phishing: AI-Enabled Insider Impersonation
IntroductionThreat actors increasingly use artificial intelligence (AI) to impersonate trusted individuals such as executives, employees, or suppliers within organisations. These…
NOVEMBER 24TH, 2025
Read More
The Silent Security Threat: Data Hoarding
IntroductionThe greatest risk to your organization may be the sheer volume of data we hold, a practice known as Data…
NOVEMBER 19TH, 2025
Read MoreNever miss a CIL Security Advisory
Stay informed with the latest security updates and insights from CIL.
The Dangers of Default Passwords: Why Changing Default Settings is Crucial.
Let's get your project from just an idea to a product your customers will love
Send us a message!
Contact Us
Message Sent!
Thank you for reaching out. We have received your message and will get back to you shortly.
Check your email for a confirmation from us.
Start a project
Project Request Submitted!
Thank you for your interest. Our team will review your project details and reach out to you soon.
Check your email for a confirmation from us.
We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies. You can manage your preferences or learn more in our Cookie Policy .