By Ericka Chickowski
May 25, 2010

The rampant use of default passwords within live database environments
continues to plague the security of enterprise data, researchers say.

"It's a problem that has been around for a long, long time," says Alex
Rothacker, manager of Team SHATTER, Application Security Inc.'s research
arm. "A lot of default passwords out there get installed when you deploy
a database, you install an add-on to it, or even if you install a
third-party application that uses the database."

As he puts it, the problem of default passwords lingering in the wild
has built up during the years as a result of cumulative errors by both
vendors and database administrators. In the past, the majority of
vendors had no compunction about pushing out installers that
automatically created default accounts to expedite the deployment of new
databases, add-ons, or applications on top of the database.

"In order to perform some of the installation functions, they need to
create database accounts, and some of them simply go and create an
account and put a default password on it that's well-known to the whole
world," he says.

Meanwhile, users did nothing to clean up these default accounts once
installation was complete. Rothacker says the situation on the vendor
front has improved considerably in recent years, but default passwords
continue to be a problem for a number of reasons.