Jump to content

Default admin/admin credential


MWareman

Recommended Posts

Sounds like this is going to have to go away very soon!

 

A new California Law makes it illegal to have a default password on any device that is either directly or indirectly connected to the Internet. This would seem to include the ISY.

 

Best alternative, when you first connect to a device a credential wizard should run to walk the user thru setting a username and password.

 

California Bans Default Passwords on Any Internet-Connected Device - Slashdot

https://it.slashdot.org/story/18/10/05/1814242/california-bans-default-passwords-on-any-internet-connected-device

 

Link to comment

Thanks for the information.  I sure like how our politicians think they can run my life better than myself. ?

Guess  there are going to be many internet devices like smart TV's  and folks who have no knowledge of how thees thing work. Having BIG issues.

 

Link to comment

Yes, we need to fix IoT security.

But this law?  This is only going to solve a very small part of the overall problem, whilst creating a nightmare for the average consumer, and ultimately it's going to poison the well, so-to-speak, for future attempts to solve the bigger picture.

Politicians are neither security experts, nor are they engineers.  This is going to be a lot like the CFL bulb debacle, I fear.

 

Edited to add URL:  https://blog.erratasec.com/2018/09/californias-bad-iot-law.html

 

Link to comment

I do generally agree with the problems of over legislation.

However, default passwords are very bad. Almost all IOT botnet type malware is possible because of default passwords.

That being said - people pick really bad passwords. There must be a better way! Not sure what it is for this type of device though.

I’ll bet that there are *plenty* of us that still have admin/admin as the ISY credential (maybe because we have Portal and the ISY is not port-forwarded so we don’t think it’s a risk) and are mostly unaware that an entire class of attacks is still possible simply because of that default credential.

You do not need to port forward your ISY to be vulnerable with a default credential.

Link to comment

Archived

This topic is now archived and is closed to further replies.


  • Recently Browsing

    • No registered users viewing this page.
  • Who's Online (See full list)

  • Forum Statistics

    • Total Topics
      36.6k
    • Total Posts
      367.9k
×
×
  • Create New...