From: Eric Knight [deceased1@HOME.COM] Sent: Tuesday, July 04, 2000 7:06 PM To: VULN-DEV@SECURITYFOCUS.COM Subject: Finding default passwords (fascinating, simple and fun!) Vulnerability Developers: I did a little net surfing to dig up some more default password configurations. You could say the security through obscurity is definitely being challenged here... How I did it was simple: just went to Lycos, searched for "DEFAULT PASSWORD", and these appeared in the best 200 matches. Many of these appear to come straight from technical support. I think this little activity speaks volumes about this type of security. DIGICORP ROUTERS, default passwords: password or BRIDGE http://www.digicorp.co.uk/connectivity/viper/defaultpass.htm ORBITOR DEFAULT CONSOLE, default passwords: password or BRIDGE http://support.develcon.com/kb/i004.htm CRYSTALVIEW OUTSIDEVIEW 32, default password: crystal http://www.crystalpoint.com/webhelp/802hq.htm CMOS POS Computers, default passwords: ESSEX or IPC http://tap.goaustin.com/TnT/POS/cmos.password.html DATACOM OSICOM, default account/password: sysadm/sysadm http://www.datacomltd.com/Support/Osicom/default_password.htm JETFORM DESIGN, default account/password: JetForm/(none) http://www.milestone.no/database/design/7056.htm APPLE NEWTON NETWORK ADMINISTRATOR TOOLKIT (geez no way!), default password: xyzzy http://www.wire.net.au/~czar/InfoAlley/0796/01/newton.html CPROXY SERVER, default password: asecret http://www.computalynx.net/softwaresupport/documentation/cp33/38.html MICROSOFT WINDOWS NT SERVER 3.51 and earlier, account: Administrator password: "" (blank) http://support.microsoft.com/support/kb/articles/q153/1/97.asp WWWADMIN.PL (cool, html default password!), default account/password: WebAdmin/WebBoard http://www.gorski.net/scripts/lists/scripts-help/1997/02/msg00504.html Anyway, just need a little elbow grease and these things just magically appear. Take it easy all, Eric Knight knight@securityparadigm.com