Notes from the Field • 5 Min READ

Notes from the Field. Don’t Default on Password Security

by Aaron Hambleton, Eleanor Barlow • Jul 2020

Password security has been a hot topic for some time now. In fact, the discussion surrounding password complexity, single sign on, protecting accounts with multifactor authentication, and password storage has been, and continues to be, a prominent discussion across every industry and in most organisations.

But despite being a popular topic, our team of security analysts and experts here at SecurityHQ are still identifying applications and appliances in which default credentials are enabled.

Default credentials are a specific vulnerability in which pre-set administrative access is configured within the settings of applications, routers, switches, and other appliances. Often, the responsible teams can forget to disable default credentials, or they leave them enabled for convenience, which leaves organisations vulnerable to compromise.

What is the Risk of Default Credentials?

Default credentials used by applications and appliances are often published on the internet. This can be a big problem. Say, for instance, your organisation becomes compromised. An attacker will typically first scan your network to see where they can move next. The results of the scan will help the attacker to identify information like what ports are open in your network, along with any detected vulnerabilities. If an attacker was lucky enough to identify applications or appliances with default credentials enabled, it won’t take them long to hunt on the internet for these published credentials.

And, if an application or appliance is public facing, then bad actors do not even need to spend time infiltrating, just a simple scan using open source vulnerability assessment software will reveal if default credentials are enabled.

If this now compromised application is running on a domain joined server, it becomes very easy for an attacker to craft their attack in order to move laterally through your network, compromising additional accounts and servers as they go.

How to Detect Default Credentials Enabled Across Your Network

Most vulnerability assessment tools make it easy to identify applications and appliances with default credentials enabled. Qualys, Nessus & Rapid7 all have the ability to probe default credential authentication from a remote or unauthenticated attacker’s perspective.

You should engage your Vulnerability Management team to assess your environment, and report back with your exposure. Remediation priorities should be applied to applications or appliances that are public facing and exposed to the internet.

The below screenshot is taken from a recent SecurityHQ client engagement, whereby our team of vulnerability analysts identified multiple applications and public facing appliances with default credentials enabled.

Multiple applications and public facing appliances with default credentials enabled

What to Do Next

  1. Once default credentials are highlighted, change, or disable them immediately if they are not required.
  2. Ensure that new passwords are used, and that these passwords are unique, long, and include a combination of different numbers, letters, and symbols. Do not use old passwords.
  3. Store the new unique passwords safely in a password manager or enterprise Privileged Access Management tool (PAM).  
  4. Take this opportunity to evaluate if a public facing application or appliance is really meant to have such exposure. By limiting the exposure, you will help to reduce the attack vectors.

Why You Need Vulnerability Management as a Service

You want to avoid costly data breaches. But to accurately view, detect, classify, act on, and contextualise vulnerabilities across all your digital platforms, including applications, systems, cloud, and hardware, requires Vulnerability Management as a Service.

By using a global Managed Security Provider, you receive round-the-clock assistance every minute of every day from experienced security analysts and engineers, so that all critical applications and devices can be scanned at any one time, even in the middle of the night, or over the weekends.

Vulnerability Management experts monitor your exposure, identify weak points, assess, and contextualise the risks to your business and report on and guide you with regards to the prioritisation, patching and remediation that is required. Saving you valuable time and resources.

For more information regarding SecurityHQ’s Vulnerability Management service, contact the team here.