> -----Original Message----- > From: Dobbins, Roland > Sent: Wednesday, January 06, 2010 7:23 PM > To: NANOG list > Subject: Re: Default Passwords for World Wide Packets/Lightning Edge > Equipment > > > On Jan 7, 2010, at 10:19 AM, Dobbins, Roland wrote: > > > Which goes to show that they just really don't get it when it comes > to security. Maybe they should look here at all the entries for > 'default credentials': > > Actually, should be 'default password'. >
One of the problems I have seen is an organization where someone uses something stupid just to get something up and running (say a password of "password" or "foo" or something) with every intention of coming back to fix it later but forgets to. That is what I meant yesterday about an organizational "default" password that can be just as bad as the manufacturers default. At least with some manufacturers you can log in from the console with the factory "default" password but can't log in over the network unless you have set one.
