Default database passwords still in use
Researchers urge review of database accounts against list of more than 1,000 default user name and password combinations

By Ericka Chickowski, DarkReading, June 01, 2010

The rampant use of default passwords within live database environments continues to plague the security of enterprise data, researchers say.

"It's a problem that has been around for a long, long time," says Alex Rothacker, manager of Team SHATTER, Application Security Inc.'s research arm. "A lot of default passwords out there get installed when you deploy a database, you install an add-on to it, or even if you install a third-party application that uses the database."

As he puts it, the problem of default passwords lingering in the wild has built up over the years as a result of cumulative errors by both vendors and database administrators. In the past, the majority of vendors had no compunction about pushing out installers that automatically created default accounts to expedite the deployment of new databases, add-ons, or applications on top of the database.

"In order to perform some of the installation functions, they need to create database accounts, and some of them simply go and create an account and put a default password on it that's well-known to the whole world," he says.

Meanwhile, users did nothing to clean up these default accounts once installation was complete. Rothacker says the situation on the vendor front has improved considerably in recent years, but default passwords continue to be a problem for a number of reasons.

To date, AppSec's team has collected more than 1,000 well-known default user name and password combinations used by different vendors within databases across the IT spectrum. Rothacker says organizations should do a thorough check of their database accounts to ensure they are not using any of the combos on the list.
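A sketch of the account check Rothacker recommends, added here as an illustration and not taken from AppSec or the article. It assumes an account export containing user name, salt, hash and status, a salted SHA-256 storage scheme (real databases use their own hash formats), and a short constructed stand-in for the default-credential list.

```python
import hashlib
import hmac

# Constructed stand-in for a default-credential list (not AppSec's actual list).
DEFAULT_COMBOS = [
    ("scott", "tiger"),
    ("reportsvc", "reportsvc"),
    ("installer", "changeme"),
]

def stored_hash(password: str, salt: bytes) -> str:
    """Assumed scheme for this example only: hex SHA-256 over salt + password."""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()

def _row(user, password, salt, status):
    # Helper that builds one constructed export row.
    return {"username": user, "salt": salt,
            "hash": stored_hash(password, salt), "status": status}

# Constructed account export; in practice this comes from the database catalog.
ACCOUNTS = [
    _row("SCOTT", "tiger", b"\x01\x02", "OPEN"),             # default combo, usable
    _row("reportsvc", "reportsvc", b"\x03\x04", "LOCKED"),   # default combo, locked
    _row("installer", "Xq7!long-random-value", b"\x05\x06", "OPEN"),  # was changed
    _row("appowner", "tiger", b"\x07\x08", "OPEN"),          # not a listed combo
]

def audit_default_credentials(accounts, combos):
    """Return (username, status, severity) for accounts still on a default combo."""
    by_user = {}
    for user, password in combos:
        # Assumption: user names are matched case-insensitively.
        by_user.setdefault(user.lower(), []).append(password)
    findings = []
    for acct in accounts:
        for candidate in by_user.get(acct["username"].lower(), []):
            expected = stored_hash(candidate, acct["salt"])
            if hmac.compare_digest(expected, acct["hash"]):
                # A locked account is lower risk but should still be reset or dropped.
                severity = "high" if acct["status"] == "OPEN" else "low"
                findings.append((acct["username"], acct["status"], severity))
                break
    return findings

if __name__ == "__main__":
    for name, status, severity in audit_default_credentials(ACCOUNTS, DEFAULT_COMBOS):
        print(f"{name}: default password still set ({status}, {severity})")
```

The report names the account and its status but never echoes the matching password, so the output can be shared with the administrators who have to reset or remove the accounts.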


