Devices, embedded systems, tools, and frameworks generally ship with default configurations that include default credentials.
These default credentials are intended only for initial setup and configuration, and almost all manufacturers advise changing them before the system is put into use.
The devices most commonly found with default credentials are network modems, routers, cameras, and IoT devices.
According to this, 61% of targets have default passwords.
An attacker can quickly get such default usernames and passwords from the documentation. They are also available on websites like https://cirt.net/passwords
Here is a simple example:
Username: admin/administrator/root/system/guest/operator/super
Password: password/pass123/password123/admin/guest
It could allow the attacker to access the administrative portal of that device.
It could leak sensitive data or information belonging to the organization.
- Change default passwords before deploying the system.
- Manufacturers should use unique and robust default passwords instead of simple and common ones.
- Force users to change the default password during initial setup.
- changeme: A default credential scanner.
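
The "force a change during initial setup" mitigation can be enforced in the login path itself. The sketch below is an added example, not code from any vendor or from the changeme project. The `Account` class, the `MIN_LENGTH` value and the return strings are assumptions made for illustration, and the weak-password set is the example list above.

```python
import hashlib
import hmac
import os

# Weak values from the example list on this page; extend with vendor defaults.
COMMON_DEFAULTS = {"password", "pass123", "password123", "admin", "guest"}
MIN_LENGTH = 8  # assumed policy value, not from the page


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    """Hypothetical device account provisioned with a factory credential."""

    def __init__(self, username: str, factory_password: str):
        self.username = username
        self.salt = os.urandom(16)
        self.pw_hash = _hash(factory_password, self.salt)
        self.factory_hash = self.pw_hash  # kept to block re-use of the default
        self.must_change = True           # factory credential still active

    def _matches(self, password: str, stored: bytes) -> bool:
        return hmac.compare_digest(_hash(password, self.salt), stored)

    def login(self, password: str) -> str:
        """Return 'denied', 'change_required' or 'ok'."""
        if not self._matches(password, self.pw_hash):
            return "denied"
        # A valid factory login only unlocks the password-change step.
        return "change_required" if self.must_change else "ok"

    def change_password(self, old: str, new: str) -> None:
        if not self._matches(old, self.pw_hash):
            raise PermissionError("current password is wrong")
        if len(new) < MIN_LENGTH:
            raise ValueError("new password is too short")
        if new.lower() in COMMON_DEFAULTS or new.lower() == self.username.lower():
            raise ValueError("new password is a known default or the username")
        if self._matches(new, self.factory_hash):
            raise ValueError("new password equals the factory default")
        self.pw_hash = _hash(new, self.salt)
        self.must_change = False
```

The administrative interface should treat `change_required` as permission to reach the password-change form only, so the factory credential never grants access to the portal.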