If there is one thing that Brackish testers have seen a lot lately, it is default credentials. In five out of the last five engagements performed by Brackish, testers have found default credentials in use. In several of these instances, these default credentials have led to highly critical issues in internal networks, external networks, and web applications.
Unfortunately, most experienced pentesters will tell you that default (or weak) credentials are still a major thing in 2022. So you may ask, “How can we ensure our applications and devices are secure?” Or maybe, “How can we make sure they aren’t using default credentials, we have thousands of hosts on our internal network?”
There a several ways to go about this, but my two favorite are:
Regular Penetration Tests and Vulnerability Scans
Having regular penetration tests and vulnerability scans done will help you root out these devices that have default credentials set. In fact, they may even help you find devices on your network that you didn’t know existed, which happens all too often.
Change Management/Credential Management/Asset Inventory/etc.
If you don’t know a device is on your network, you don’t have a good inventory of your network. There are many ways to go about obtaining an inventory, but most of them involve running a specific application combined with manual scanning or network packet capturing. It doesn’t really matter what method you choose, as long as you get a full inventory of what is connected.
Once you have an inventory, you can check to ensure that the default credentials have been changed, but you should also ensure that all of these devices are part of some sort of larger credential management process that enforces strong, unique passwords and password rotation. Moving forward, you should ensure that every device that gets added to the network is part of this credential management process.
As pentesters say, creds are king, so if you don’t want to be a pawn, contact Brackish for a penetration test or consulting today.