The Passwords You Should Never Use

Published: 2016-12-07
Last Updated: 2016-12-07 13:15:50 UTC
by Xavier Mertens (Version: 1)
9 comment(s)

New releases of bad or weak passwords lists are common[1][2] on the Internet. Those lists compile passwords that are used by people to protect (even if it's not the most appropriate term) their accounts. But passwords are everywhere and also used to control access to devices. Recent attacks like the Mirai[3] botnet which attacked IoT devices are a good example. Once infected, a device will start to search for new potential victims by scanning the Internet for some vulnerable ports (TCP/23, TCP/2323 are good examples), then brute-force the password by testing a list of well-known passwords. Those passwords are somewhere different than users' password but just as vulnerable.

While hunting, I found some interesting pieces of C source code that contained lists of passwords used by such infected devices. Keep in mind that a password considered as strong (your know the magic formula: a mix of upper/lower case characters, numbers and special characters) is useless if it is known in the wild!

Here is the list of passwords that I found to be used in the wild:

"" (empty string!)
00000000
1111
1111111
1234
12345
123456
54321
666666
7ujMko0admin
7ujMko0vizxv
888888
Zte521
admin
admin1
admin1234
administrator
anko
default
dreambox
fucker
guest
hi3518
ikwb
juantech
jvbzd
klv123
klv1234
meinsm
pass
password
realtek
root
service
smcadmin
supervisor
support
system
tech
ubnt
user
vizxv
xc3511
xmhdipc
zlxx

If you have devices configured with one of those passwords, change it as soon as possible. Even, if your devices are not facing the internet! Feel free to share your list of passwords if you found others, I'm curious.

[1] http://gizmodo.com/the-25-most-popular-passwords-of-2015-were-all-such-id-1753591514
[2] http://www.passwordrandom.com/most-popular-passwords
[3] https://isc.sans.edu/forums/diary/The+Short+Life+of+a+Vulnerable+DVR+Connected+to+the+Internet/21543

Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant
PGP Key

Keywords: botnet mirai password
9 comment(s)
ISC Stormcast For Wednesday, December 7th 2016 https://isc.sans.edu/podcastdetail.html?id=5281

Comments

cwqwqwq
eweew<a href="https://www.seocheckin.com/edu-sites-list/">mashood</a>
WQwqwqwq[url=https://www.seocheckin.com/edu-sites-list/]mashood[/url]
dwqqqwqwq mashood
[https://isc.sans.edu/diary.html](https://isc.sans.edu/diary.html)
[https://isc.sans.edu/diary.html | https://isc.sans.edu/diary.html]
What's this all about ..?
password reveal .
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
https://thehomestore.com.pk/

Diary Archives