Rework Default credentials detected #200
Comments
Is this a single entry for an FAQ? Or its own article discussing the dangers of default credentials? |
It's a single FAQ entry. There is an optional further expansion in the form of a blog post if needed (but not sure that's the case here). |
FAQ version: Default Credential Vulnerability

Q. What are 'Default Credentials?'

Q. So what is Default Credential Vulnerability?

Q. What can I do? How do I even know if I have Default Credentials on my device?

Username: admin/administrator/root/system/guest/operator/super

Default credentials will lower your device's Trust Score. |
tl;dr: Default Credential Vulnerability is a catch-all phrase referring to any instance where a user's device has either inbuilt credentials; such as predetermined at manufacturing, or common credentials; classic examples of this being users with the password
|
OR if the tl;dr is the pop up message: Default Credentials detected on device. This means your device is insecure and vulnerable to attack by malware such as Mirai. Go to [insert link to FAQ/article] to fix issue. |
Just to give you some context, here’s where this would go: There will also be a link to the article if applicable. As you can see, the “FAQ” style that you wrote does not really fit into this model. Please revise accordingly.
Keep in mind that we are no longer dealing with just devices. Default credentials also exist in, say, VMs for some vendors.
I don’t know if I would call them “Default Credential Vulnerability” - just call them “default credentials”.
I don’t think that is necessary. Changing the password is sufficient. |
thanks, the layout makes things a bit more clear. Would've been more helpful to have had it to begin with though.
this is how I've seen the issue referred to in a broader sense
Noted
Using device as an all-encompassing term. Would node be better? |
TITLE: Default credentials detected
TL;DR options: Original 2:
much more bare-bones, would link to an article
somewhat more colloquial
Newer, more formal approach |
FAQ:

Default Credential Vulnerability refers to when a [DEVICE/ENDPOINT] has default credentials thus leaving them vulnerable to attack from malware like Mirai. These are typically common username and password combinations that manufacturers implement to make the initial set up of a [DEVICE/ENDPOINT] easier. For example, the default username

The most common devices that use default credentials are typically, but not limited to, IoT devices, such as internet modems, cameras, and PCB based technologies such as Raspberry Pis; servers run on virtual machines, Pis, and some Linux distributions with a default root user.

WoTT's agent automatically scans your devices against data from Mirai and against other common credentials. If you see a 'Default credentials detected' warning on your WoTT Dashboard, we strongly recommend that you quickly resolve this issue by changing your password to a more secure one. Avoid passwords such as |
I like the FAQ. I'll let Viktor decide on tone for the tl;dr |
Good job, @fshmcallister. I modified it slightly, but it was a good start.

Title: Default credentials detected

Tl;dr: Default credentials refers to any instance where a [DEVICE] has either inbuilt credentials, such as predetermined at manufacturing, or common credentials; classic examples of this being users with the password password. You should aim to resolve this immediately by creating a more secure password on the affected [DEVICE].

FAQ Version:

Default credentials refers to when a [DEVICE/ENDPOINT] has default credentials thus leaving them vulnerable to simple dictionary attacks, used by malware like Mirai. These are typically common username and password combinations that manufacturers implement to make the initial set up of a [DEVICE/ENDPOINT] easier. For example, the default username pi and password raspberry for Raspberry Pi.

The most common devices that use default credentials are typically, but not limited to, IoT devices, such as internet modems, cameras, and PCB based technologies such as Raspberry Pis; some virtual machine appliances, and some Linux distributions with a default root user. These credentials are intended to be temporary and updated by the user shortly after set up.

WoTT's agent automatically scans your devices against data from Mirai and against other common credentials. We strongly recommend that you quickly resolve this issue by changing your password to a more secure one. Avoid passwords such as 123, password, and variations of, and do not distribute your password to anyone. To be more secure, consider changing username as well.

Default credentials will lower your node's Trust Score.

Side note:
Please note that this is read from within the dashboard. Also, note that the FAQ version will appear below the tl;dr version in the dashboard. |
are you happy with it? Or do you want me to touch it up a little further? |
It's good @fshmcallister |
Title:

Tl;dr

We've detected default or weak credentials, such as ones predetermined at manufacturing, or common credentials; classic examples of this include having 'password' as your password. Change your credentials to something more secure.

FAQ Version

Default credentials refers to when common or pre-determined credentials like login combinations are used, thus leaving devices vulnerable to simple dictionary attacks. This is what enabled malware like Mirai. These are typically common username and password combinations that manufacturers implement to make the initial set up of a piece of equipment easier. For example, the default username 'pi' and password 'raspberry' for Raspberry Pi or the user 'admin' and the password 'admin' on many routers.

The most common devices that use default credentials are typically, but not limited to, IoT devices, such as internet modems, cameras, and PCB based technologies such as Raspberry Pis; some virtual machine appliances, and some Linux distributions with a default root or admin user. These credentials are intended to be temporary and updated by the user shortly after set up.

WoTT's agent automatically scans your devices against data from Mirai and against other common credentials. We strongly recommend that you quickly resolve this issue by changing your password to a more secure one. Avoid passwords such as 123, password, and other variations of, and do not distribute your password to anyone. To be more secure, consider changing username as well.

Default credentials will lower your node's Trust Score.

Code Snippet

None for now. Later to be replaced with a |
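The advice in the FAQ text above (avoid '123', 'password' and their variations, and consider changing the username too) can be enforced when a new credential is chosen. This is an added example, not part of the thread or of WoTT's agent code: the credential lists come from the comments above, while the function names, the substitution table and the matching rules are assumptions.

```python
import re

# Values below come from the thread; the matching rules are assumptions.
DEFAULT_PAIRS = {("pi", "raspberry"), ("admin", "admin")}
DEFAULT_USERNAMES = {"admin", "administrator", "root", "system",
                     "guest", "operator", "super"}
COMMON_PASSWORDS = {"123", "password"}
BASE_WORDS = COMMON_PASSWORDS | {pw for _, pw in DEFAULT_PAIRS}

# Constructed table that undoes simple character substitutions.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def candidate_forms(password):
    """Return the base forms a password reduces to once variations are undone."""
    lower = password.lower()
    forms = {lower, lower.translate(LEET)}
    # Drop a trailing run of digits/punctuation: "Password2024!" -> "password".
    stripped = re.sub(r"[\d\W_]+$", "", lower)
    if stripped:
        forms |= {stripped, stripped.translate(LEET)}
    return forms


def credential_findings(username, password):
    """List the reasons a username/password pair should be changed."""
    user = username.lower()
    forms = candidate_forms(password)
    findings = []
    if (user, password) in DEFAULT_PAIRS:
        findings.append("default pair")
    # Digit-only prefixes of 1234567890 count as variations of "123".
    if forms & BASE_WORDS or (password.isdigit()
                              and "1234567890".startswith(password)):
        findings.append("common password or variation")
    if user in forms:
        findings.append("password derived from username")
    if user in DEFAULT_USERNAMES:
        findings.append("default username")
    return findings
```

An empty list means none of the checks fired; it does not by itself mean the password is strong.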
@fshmcallister subtitle? |
We need to rework the recommended action for "default credentials", as well as adding additional info.
Here's the existing Recommended Action:
Title: Default credentials detected
Body: We found default credentials present on {devices}. Please consider changing them as soon as possible.
Please rework this as per these instructions.
Keep in mind that we are also adding the username as a variable. See WoTTsecurity/agent#251 for details.