Cyber Security Institute

Tuesday, May 25, 2010

Default Database Passwords Still In Use

The rampant use of default passwords within live database environments continues to plague the security of enterprise data, researchers say. “It’s a problem that has been around for a long, long time,” says Alex Rothacker, manager of Team SHATTER, Application Security Inc.’s research arm. “A lot of default passwords out there get installed when you deploy a database, you install an add-on to it, or even if you install a third-party application that uses the database.” As he puts it, the problem of default passwords lingering in the wild has built up over the years as a result of cumulative errors by both vendors and database administrators.

In the past, the majority of vendors had no compunction about pushing out installers that automatically created default accounts to expedite the deployment of new databases, add-ons, or applications on top of the database.

Rothacker says the situation on the vendor front has improved considerably in recent years, but default passwords continue to be a problem for a number of reasons.

Organizations that choose to skip such a review could be leaving themselves at serious risk, says Rich Mogull of Securosis.

Team SHATTER last week launched a series of week-long database vulnerability-a-day awareness campaigns to draw attention to a wide range of database deployment deficiencies in the enterprise.

http://www.darkreading.com/database_security/security/app-security/showArticle.jhtml?articleID=225200102&cid=RSSfeed

Posted on 05/25
Trends