3 Tales of Systems Architecture Dilemmas

13.05.2009

Web interfaces and default passwords: A bad combination

I have seen it all. For the most part, the problems I see are ones that you might guess, such as user training (or lack thereof), misconfigured systems, and lack of funding for security. One of the biggies that I see often is easy to find, easy to fix, and potentially devastating: Web interfaces.

When performing assessments, we always scan for open web interfaces. These days, almost everything has a web interface: storage area networks, uninterruptible power supply (UPS) systems, printers, alarm systems, phones, backup systems, servers; the list goes on. Potentially severe issues arise when these web interfaces are enabled with the default credentials in place.
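For teams running the same check on their own networks, the sketch below turns saved scan results into a credential-review worksheet. It is an added example, not code from the original post. It assumes the results are in nmap's grepable (`-oG`) format; the sample data, the port list and the function names are constructed for illustration.

```python
import re

# Constructed sample of nmap grepable output (-oG); addresses come from the
# RFC 5737 documentation range and the hostnames/banners are made up.
SAMPLE_GNMAP = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 (ups-rack3)\tStatus: Up
Host: 192.0.2.10 (ups-rack3)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http//embedded httpd/
Host: 192.0.2.22 (prn-floor2)\tPorts: 80/open/tcp//http///, 443/open/tcp//ssl|https///, 9100/open/tcp//jetdirect///
Host: 192.0.2.30 (san-ctl-a)\tPorts: 8443/open/tcp//https-alt///, 3260/open/tcp//iscsi///
Host: 192.0.2.41 (db01)\tPorts: 80/closed/tcp//http///, 5432/open/tcp//postgresql///
Host: 192.0.2.50 ()\tPorts: 8080/filtered/tcp//http-proxy///, 22/open/tcp//ssh///
"""

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\tPorts: (.*)$")
WEB_PORTS = {80, 443, 8000, 8080, 8443}  # assumed list; extend for your estate


def web_interfaces(gnmap_text):
    """Return [(ip, hostname, port, service)] for every open web port."""
    found = []
    for line in gnmap_text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comments and "Status:" lines carry no port data
        ip, name, ports = m.groups()
        ports = ports.split("\t")[0]  # drop a trailing "Ignored State" section
        for entry in ports.split(", "):
            # Entry layout: port/state/protocol/owner/service/rpc-info/version/
            fields = entry.strip().split("/")
            if len(fields) < 5 or fields[1] != "open" or fields[2] != "tcp":
                continue  # closed and filtered ports are not reachable UIs
            port, service = int(fields[0]), fields[4]
            if port in WEB_PORTS or "http" in service:
                found.append((ip, name or "-", port, service or "unknown"))
    return found


def review_checklist(gnmap_text):
    """One worksheet line per interface, to be ticked off by the device owner."""
    return [f"{ip}\t{name}\t{port}/{svc}\tdefault credentials changed? [ ]"
            for ip, name, port, svc in web_interfaces(gnmap_text)]


if __name__ == "__main__":
    print("\n".join(review_checklist(SAMPLE_GNMAP)))
```

Each line of the worksheet is a device whose owner should confirm that the vendor default login has been replaced, or that the web interface has been disabled if it is not needed.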