OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Updated Default Account Database
From: Eric Knight (deceased1HOME.COM)
Date: Thu Jul 06 2000 - 18:07:12 CDT

VULN-DEV:

From reading the articles people have posted, there were some requests to
"fan out" the list into more fields than just three or four. I've changed
my format around from ascii to a spreadsheet, and there is a CSV file
attached containing the spreadsheet with the fanned out model. You can load
it up with any favorite spreadsheet program. The spreadsheet has the
following fields:

     o Manufacturer
     o Product
     o Version
     o Protocol
     o User ID
     o Password
     o Access
     o Comments

I've also added everything posted on the list so far, including all the BIOS
information (except all the "unknown" ones -- those will be added later)
I'd like to request that people with more experience than I do look at the
fanned out list. In particular, I'm not entirely sure about protocols (if
all that networking equipment is connected to via console, telnet, http, or
some management tool), user access (especially in case of old or unusual
equipment), and versions (especially in the Cisco area.)

The database has gotten fairly long (over 700 entries), and I'm considering
posting it to BUGTRAQ because it really is a useful resource that people
there would find fascinating. In of itself, it isn't a "new bug" but
instead is a new and improved version of an old security problem. However,
I'm not going to do so until the product is fully "developed" and that means
some cleaning up and testing.

If you would rather see a better looking HTML or true Excel version, they
are available at http://www.securityparadigm.com/defaultpw.htm

Take it easy,

Eric Knight
knightsecurityparadigm.com

  • application/octet-stream attachment: dad.csv