Digital Forensics and Cyber Crime. 9th International Conference, ICDF2C 2017, Prague, Czech Republic, October 9-11, 2017, Proceedings

Research Article

An Overview of the Usage of Default Passwords

  • @INPROCEEDINGS{10.1007/978-3-319-73697-6_15,
        author={Brandon Knieriem and Xiaolu Zhang and Philip Levine and Frank Breitinger and Ibrahim Baggili},
        title={An Overview of the Usage of Default Passwords},
        proceedings={Digital Forensics and Cyber Crime. 9th International Conference, ICDF2C 2017, Prague, Czech Republic, October 9-11, 2017, Proceedings},
        proceedings_a={ICDF2C},
        year={2018},
        month={1},
        keywords={Default passwords, Applications, Usage, Security},
        doi={10.1007/978-3-319-73697-6_15}
    }
    
  • Brandon Knieriem
    Xiaolu Zhang
    Philip Levine
    Frank Breitinger
    Ibrahim Baggili
    Year: 2018
    An Overview of the Usage of Default Passwords
    ICDF2C
    Springer
    DOI: 10.1007/978-3-319-73697-6_15
Brandon Knieriem¹,*, Xiaolu Zhang¹,*, Philip Levine¹,*, Frank Breitinger¹,*, Ibrahim Baggili¹,*
  • 1: Tagliatela College of Engineering, University of New Haven
*Contact email: bknie1@unh.newhaven.edu, XZhang@newhaven.edu, plevi1@unh.newhaven.edu, FBreitinger@newhaven.edu, IBaggili@newhaven.edu

Abstract

The recent Mirai botnet attack demonstrated the danger of using default passwords and showed that it is still a major problem. In this study we investigated several common applications and their password policies. Specifically, we analyzed whether these applications: (1) have default passwords or (2) allow the user to set a weak password (i.e., they do not properly enforce a password policy). Our study shows that default passwords are still a significant problem: 61% of applications inspected initially used a default or blank password. When changing the password, 58% allowed a blank password, and 35% allowed a weak password of 1 character.