WoTTsecurity / wott-io

Website for WoTT.
https://wott.io
MIT License

Rework Default credentials detected #200

Open vpetersson opened 4 years ago

vpetersson commented 4 years ago

We need to rework the recommended action for "default credentials", as well as add additional info.

Here's the existing Recommended Action:

Title: Default credentials detected
Body: We found default credentials present on {devices}. Please consider changing them as soon as possible.

Please rework this as per these instructions.

Keep in mind that we are also adding the username as a variable. See https://github.com/WoTTsecurity/agent/issues/251 for details.

fshmcallister commented 4 years ago

Is this a single entry for an FAQ? Or its own article discussing the dangers of default credentials?

vpetersson commented 4 years ago

Is this a single entry for an FAQ? Or its own article discussing the dangers of default credentials?

It's a single FAQ entry. There is an optional further expansion in form of a blog post if needed (but not sure that's the case here).

fshmcallister commented 4 years ago

FAQ version:

Default Credential Vulnerability

Q. What are 'Default Credentials'? A. These are typically inbuilt credentials that manufacturers use for the initial startup of a device. They are meant to be temporary and changed once a user has set it up. The most common devices that use default credentials are typically, but not limited to, IoT devices such as internet modems, cameras, and PCB-based technologies such as Raspberry Pis.

Q. So what is Default Credential Vulnerability? A. The vulnerability here is that these default credentials are typically in the form of a known username and password. This makes them easy to set up, but also vulnerable to external attack if the user does not then change these. This is the basis of how the Mirai malware was able to infiltrate many devices and launch a wide-scale DDoS attack.

Q. What can I do? How do I even know if I have Default Credentials on my device? A. Immediately change your device access credentials to something private. Examples of typical Default Credentials are:

Username: admin/administrator/root/system/guest/operator/super
Password: password/pass123/password123/admin/guest

And as you may know, all Raspberry Pis by default have the username pi and password raspberry. However, you may not even know that your device has default or common credentials. WoTT's agent automatically scans your devices against data from Mirai and against other common cases so that you can better protect your devices. If one of your devices is displayed on the WoTT Dashboard with a Default Credential warning, we strongly recommend that you quickly resolve this issue.

Default credentials will lower your device's Trust Score.

fshmcallister commented 4 years ago

tl;dr:

Default Credential Vulnerability is a catch-all phrase referring to any instance where a user's device has either inbuilt credentials, such as those predetermined at manufacturing, or common credentials, a classic example being users with the password 'password'. If you find that one of your devices has this issue, you should aim to update this immediately. To do so:

fshmcallister commented 4 years ago

OR

if the tl;dr is the pop up message:

Default Credentials detected on device. This means your device is insecure and vulnerable to attack by malware such as Mirai. Go to [insert link to FAQ/article] to fix issue.

vpetersson commented 4 years ago

Just to give you some context, here’s where this would go:

[attached screenshot]

There will also be a link to the article if applicable.

As you can see, the “FAQ” style that you wrote does not really fit into this model. Please revise accordingly.

These are typically inbuilt credentials that manufacturers use for the initial startup of a device

Keep in mind that we are no longer dealing with just devices. Default credentials also exist in say VMs for some vendors.

So what is Default Credential Vulnerability

I don’t know if I would call them “Default Credential Vulnerability” - just call them “default credentials”

change both your username and password

I don’t think that is necessary. Changing the password is sufficient.

fshmcallister commented 4 years ago

thanks, the layout makes things a bit more clear. Would've been more helpful to have had it to begin with though.

I don’t know if I would call them “Default Credential Vulnerability” - just call them “default credentials”

this is how I've seen the issue referred to in a broader sense

[change username and password] I don’t think that is necessary. Changing the password is sufficient.

Noted

Keep in mind that we are no longer dealing with just devices. Default credentials also exist in say VMs for some vendors.

Using device as an all-encompassing term. Would node be better?

fshmcallister commented 4 years ago

TITLE:

Default credentials detected

[DEVICE] vulnerable to attack. Change as soon as possible.

TL;DR options:

Original 2:

Default Credentials detected on [DEVICE] [THESE DEVICES]. This means your [DEVICE(S)] is/are insecure and vulnerable to attack by malware such as Mirai. Go to [insert link to FAQ/article] to fix issue.

much more bare-bones, would link to an article

Default credentials refers to any instance where a [DEVICE] has either inbuilt credentials, such as predetermined at manufacturing, or common credentials; classic examples of this being users with the password password. You should aim to resolve this immediately by creating a more secure password on the affected [DEVICE].

somewhat more colloquial

Default credentials detected on [INSERT DEVICE/NODE NAME HERE]. This means your [DEVICE(S)] contain(s) a username and password combination that is either commonly used or predetermined by manufacturing. Consider changing your password to something secure.

Newer, more formal approach

fshmcallister commented 4 years ago

FAQ:

Default Credential Vulnerability refers to when a [DEVICE/ENDPOINT] has default credentials, thus leaving it vulnerable to attack from malware like Mirai. These are typically common username and password combinations that manufacturers implement to make the initial setup of a [DEVICE/ENDPOINT] easier. For example, the default username pi and password raspberry for Raspberry Pi.

The most common devices that use default credentials are typically, but not limited to, IoT devices such as internet modems, cameras, and PCB-based technologies such as Raspberry Pis; servers run on virtual machines, Pis, and some Linux distributions with a default root user. These credentials are intended to be temporary and updated by the user shortly after setup.

WoTT's agent automatically scans your devices against data from Mirai and against other common credentials. If you see a 'Default credentials detected' warning on your WoTT Dashboard, we strongly recommend that you quickly resolve this issue by changing your password to a more secure one. Avoid passwords such as 123, password, and variations thereof, and do not distribute your password to anyone. To be more secure, consider changing your username as well. Default credentials will lower your node's Trust Score.

AlEsmail commented 4 years ago

I like the FAQ. I'll let Viktor decide on tone for the tl;dr

vpetersson commented 4 years ago

Good job, @fshmcallister. I modified it slightly, but it was a good start.

Title: Default credentials detected

Tl;dr: Default credentials refers to any instance where a [DEVICE] has either inbuilt credentials, such as predetermined at manufacturing, or common credentials; classic examples of this being users with the password password. You should aim to resolve this immediately by creating a more secure password on the affected [DEVICE].

FAQ Version:

Default credentials refers to when a [DEVICE/ENDPOINT] has default credentials, thus leaving it vulnerable to simple dictionary attacks, as used by malware like Mirai. These are typically common username and password combinations that manufacturers implement to make the initial setup of a [DEVICE/ENDPOINT] easier. For example, the default username pi and password raspberry for Raspberry Pi.

The most common devices that use default credentials are typically, but not limited to, IoT devices such as internet modems, cameras, and PCB-based technologies such as Raspberry Pis; some virtual machine appliances, and some Linux distributions with a default root user. These credentials are intended to be temporary and updated by the user shortly after setup.

WoTT's agent automatically scans your devices against data from Mirai and against other common credentials. We strongly recommend that you quickly resolve this issue by changing your password to a more secure one. Avoid passwords such as 123, password, and variations thereof, and do not distribute your password to anyone. To be more secure, consider changing your username as well. Default credentials will lower your node's Trust Score.


Side note:

If you see a 'Default credentials detected' warning on your WoTT Dashboard, w

Please note that this is read from within the dashboard.

Also, note that the FAQ version will appear below the tl;dr version in the dashboard.

fshmcallister commented 4 years ago

are you happy with it? Or do you want me to touch it up a little further?

vpetersson commented 4 years ago

It's good @fshmcallister

fshmcallister commented 4 years ago

Title: Default credentials detected

consider changing your credentials

Tl;dr

We've detected default or weak credentials, such as ones predetermined at manufacturing, or common credentials; classic examples of this include having 'password' as your password. Change your credentials to something more secure.

FAQ Version

Default credentials refers to when common or pre-determined credentials, such as login combinations, are used, thus leaving devices vulnerable to simple dictionary attacks. This is what enabled malware like Mirai. These are typically common username and password combinations that manufacturers implement to make the initial setup of a piece of equipment easier. For example, the default username 'pi' and password 'raspberry' for Raspberry Pi, or the user 'admin' and the password 'admin' on many routers.

The most common devices that use default credentials are typically, but not limited to, IoT devices such as internet modems, cameras, and PCB-based technologies such as Raspberry Pis; some virtual machine appliances, and some Linux distributions with a default root or admin user. These credentials are intended to be temporary and updated by the user shortly after setup.

WoTT's agent automatically scans your devices against data from Mirai and against other common credentials. We strongly recommend that you quickly resolve this issue by changing your password to a more secure one. Avoid passwords such as 123, password, and other variations thereof, and do not distribute your password to anyone. To be more secure, consider changing your username as well. Default credentials will lower your node's Trust Score.

Code Snippet

None for now. Later to be replaced with a passwd command.
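
The thread describes the check behind this warning only in prose: the agent compares local accounts against Mirai's credential list and other common username/password pairs. The following is an added example of that detection logic, not WoTT's agent code. It parses an /etc/shadow-style file, tries username-specific defaults and then a set of common passwords against each unlocked account, and also reports accounts with an empty password field (no password at all). The credential lists, the sample shadow file and the `$demo$` hash scheme are constructed for the example; real shadow hashes (`$1$`, `$5$`, `$6$`, `$y$`) are handed to crypt(3) through the stdlib `crypt` module, which exists through Python 3.12.

```python
"""Default-credential check over an /etc/shadow-style file.

Added illustration, not WoTT's agent code. The credential lists below are
constructed for the example; the agent's real data (Mirai's list plus other
common credentials, per the issue thread) is not reproduced here.
"""
import hashlib
import hmac

# Constructed username-specific defaults (the pairs named in the thread).
DEFAULT_PAIRS = [
    ("pi", "raspberry"),
    ("admin", "admin"),
    ("root", "root"),
]

# Constructed "common" passwords, tried against every account regardless of name.
COMMON_PASSWORDS = ["password", "123", "pass123", "password123"]

# Shadow password-field values meaning "password login impossible": skipped.
LOCKED_MARKERS = ("*", "!", "!!")


def demo_hash(password, salt="s4lt"):
    """Hypothetical '$demo$<salt>$<sha256 hex>' scheme so the sample runs offline.

    Real shadow entries use crypt(3) schemes ($1$, $5$, $6$, $y$); see verify_password.
    """
    digest = hashlib.sha256((salt + password).encode()).hexdigest()
    return "$demo$%s$%s" % (salt, digest)


def verify_password(password, stored_hash):
    """True if `password` reproduces `stored_hash`.

    '$demo$' hashes are handled inline; anything else goes to crypt(3) via the
    stdlib crypt module (present through Python 3.12; on 3.13+ substitute
    passlib's sha512_crypt / bcrypt verifiers).
    """
    if stored_hash.startswith("$demo$"):
        _, _, salt, digest = stored_hash.split("$")
        computed = hashlib.sha256((salt + password).encode()).hexdigest()
        return hmac.compare_digest(computed, digest)
    import crypt  # deprecated since 3.11, removed in 3.13; only used for real hashes
    return hmac.compare_digest(crypt.crypt(password, stored_hash), stored_hash)


def parse_shadow(text):
    """Yield (user, password_field) for every non-empty, non-comment line."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        yield fields[0], fields[1]


def candidates_for(user):
    """Passwords worth trying for this account: its own defaults first, then common ones."""
    specific = [pw for u, pw in DEFAULT_PAIRS if u == user]
    return list(dict.fromkeys(specific + COMMON_PASSWORDS))  # de-duplicate, keep order


def find_default_credentials(shadow_text):
    """Return [(user, password)] for accounts that open with a default or common
    password. A password of "" means the account has no password at all."""
    findings = []
    for user, pw_field in parse_shadow(shadow_text):
        if pw_field == "":
            findings.append((user, ""))  # empty field: login without any password
            continue
        if pw_field in LOCKED_MARKERS or pw_field.startswith("!"):
            continue  # locked or no-login account, nothing to guess
        for candidate in candidates_for(user):
            if verify_password(candidate, pw_field):
                findings.append((user, candidate))
                break  # one finding per account is enough for the warning
    return findings


# Constructed sample shadow file (not taken from any real host).
SAMPLE_SHADOW = "\n".join([
    "root:%s:18000:0:99999:7:::" % demo_hash("Tr0ub4dor&3"),
    "pi:%s:18000:0:99999:7:::" % demo_hash("raspberry"),
    "admin:%s:18000:0:99999:7:::" % demo_hash("password"),
    "guest::18000:0:99999:7:::",
    "daemon:*:18000:0:99999:7:::",
    "backup:!:18000:0:99999:7:::",
    "sshd:!!:18000:0:99999:7:::",
])

if __name__ == "__main__":
    for user, pw in find_default_credentials(SAMPLE_SHADOW):
        what = "no password set" if pw == "" else "default/common password %r" % pw
        print("Default credentials detected: %s (%s); fix with: passwd %s" % (user, what, user))
```

On a real host the same function is run as root over the contents of /etc/shadow; the remediation the thread points at is simply `passwd <user>` for each reported account. Note that the check is a verify-per-candidate loop, not a cracker: it only confirms the handful of known defaults, so it stays cheap even with a slow hash like sha512-crypt.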

a-martynovich commented 4 years ago

@fshmcallister subtitle?