====== Default Password Vulnerability ======

A default password as set by the default distrubution of some software or application or device.  This vulnerability is particularly dangerous as there are my publicly available lists of default passwords.

===== Remedy =====

A possible remedy is installation-time password generation.  For example when initial installation happens, the default password could be set to the current date.  This would make the password significantly more difficult to guess.

===== Additional Information =====

  * [[http://www.cirt.net/cgi-bin/passwd.pl|CIRT.net default passwords lists]]
  * [[security:attack:password_cracking|Password Cracking Attempt]]
  * See [[security:web_application_security|web application security]] and [[catalog|security vulnerabilities catalog]].