Default password

Password for devices on factory default settings
title: "Default password"
type: doc
version: 1
created: 2026-02-28
author: "Wikipedia contributors"
status: active
scope: public
tags: ["password-authentication", "computer-security-exploits"]
description: "Password for devices on factory default settings"
topic_path: "technology/computing"
source: "https://en.wikipedia.org/wiki/Default_password"
license: "CC BY-SA 4.0"
wikipedia_page_id: 0
wikipedia_revision_id: 0
::figure[src="https://upload.wikimedia.org/wikipedia/commons/3/3c/Default_password.agr.jpg" caption="WiFi router with default password 'password'"] ::
Where a device needs a username and/or password to log in, a default password is usually provided to access the device during its initial setup, or after resetting to factory defaults.
Manufacturers of such equipment typically use a simple password, such as "admin" or "password", on all equipment they ship, expecting users to change the password during configuration. The default username and password are usually found in the instruction manual (common for all devices) or on the device itself.
Default passwords are one of the major contributing factors to large-scale compromises of home routers. Leaving such a password on devices available to the public is a major security risk. There are several proof-of-concept (PoC) worms, as well as real-world worms running across the Internet, which are configured to search for systems set with a default username and password. Voyager Alpha Force, Zotob, and MySpooler are a few examples of PoC malware which scan the Internet for specific devices and try to log in using the default credentials.
In the real world, many forms of malware, such as Mirai, have used this vulnerability. Once devices have been compromised by exploiting the default-credential vulnerability, they can themselves be used for various harmful purposes, such as carrying out distributed denial-of-service (DDoS) attacks. In one particular incident, a hacker was able to gain access to and control of a large number of networks, including those of University of Maryland, Baltimore County, Imagination, Capital Market Strategies L, by leveraging the fact that they were using the default credentials for their NetGear switch.
Some devices (such as wireless routers) have unique default usernames and passwords printed on a sticker, which is more secure than a common default password. Some vendors, however, derive the password from the device's MAC address using a known algorithm, in which case the password can also be easily reproduced by attackers.
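As an added illustration (not part of the original article), the following Python sketch audits an asset inventory for the two weaknesses described above: a shared factory default, and a "unique" sticker password that embeds digits of the device's own MAC address. The inventory format, the function names and the six-digit threshold are assumptions made for this example; the check catches only literal embedding, not passwords computed from the MAC through a hash or arithmetic.

```python
import re

# Shared factory defaults named on this page; extend from your vendors' manuals.
SHARED_DEFAULTS = {"admin", "password"}

def mac_digits(mac: str) -> str:
    """Return the 12 hex digits of a MAC address, lowercased, separators removed."""
    digits = re.sub(r"[:.\-\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits

def mac_overlap(password: str, mac: str) -> int:
    """Longest run of the MAC's hex digits (forward or reversed) inside the password."""
    pw, forward, best = password.lower(), mac_digits(mac), 0
    for digits in (forward, forward[::-1]):
        for start in range(12):
            for end in range(start + best + 1, 13):
                if digits[start:end] not in pw:
                    break
                best = end - start
    return best

def audit_device(device: dict, min_overlap: int = 6) -> list:
    """Findings for one inventory record with 'password' and 'mac' keys."""
    findings = []
    if device["password"].lower() in SHARED_DEFAULTS:
        findings.append("shared-default")
    # min_overlap is an assumed threshold: 6 hex digits is half of the MAC.
    if mac_overlap(device["password"], device["mac"]) >= min_overlap:
        findings.append("mac-derived")
    return findings

# Constructed inventory; MACs use the RFC 7042 documentation range 00:00:5E:00:53:xx.
INVENTORY = [
    {"name": "lobby-ap", "mac": "00:00:5E:00:53:01", "password": "admin"},
    {"name": "home-router", "mac": "00:00:5E:00:53:A7", "password": "Wifi-5E0053A7"},
    {"name": "lab-switch", "mac": "00:00:5E:00:53:10", "password": "q7Lm-Xt2v-Rk9p"},
]

def audit_inventory(inventory: list) -> dict:
    """Map device name to its findings, keeping only devices that have any."""
    report = {d["name"]: audit_device(d) for d in inventory}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        print(f"{name}: {', '.join(findings)}")
```

Devices flagged as mac-derived should be treated like devices with a shared default and given a new, randomly generated password during setup.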
::callout[type=info title="Wikipedia Source"] This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page. ::