Security researchers found that IT administrators are using tens of thousands of weak passwords to protect access to portals, leaving the door open to cyberattacks on enterprise networks.
Out of more than 1.8 million administrator credentials analyzed, over 40,000 entries were “admin,” showing that the default password is widely accepted by IT administrators.
Default and weak passwords
The authentication data was collected between January and September this year through Threat Compass, a threat intelligence solution from cybersecurity company Outpost24.
Outpost24 says that the authentication credentials come from information-stealing malware, which typically targets applications that store usernames and passwords.
Although the collected data was not in plain text, the researchers say that “most of the passwords in our list could have been easily guessed in a rather unsophisticated password-guessing attack.”
“To narrow down our password list to administrator passwords, we searched the statistical data stored in the Threat Compass backend for pages identified as Admin portals. We found a total of 1.8 million passwords recovered in 2023 (January to September)” - Outpost24
Depending on its purpose, an admin portal could provide access related to configuration, accounts, and security settings. It could also allow tracking customers and orders, or provide a means for create, read, update, delete (CRUD) operations for databases.
After analyzing the collection of authentication credentials for admin portals, Outpost24 created a top 20 of the weakest authentication credentials:
01.
admin
11.
demo
02.
123456
12.
root
03.
12345678
13.
123123
04.
1234
14.
admin@123
05.
Password
15.
123456aA@
06.
123
16.
01031974
07.
12345
17.
Admin@123
08.
admin123
18.
111111
09.
123456789
19.
admin1234
10.
adminisp
20.
admin1
The researchers warn that although the entries above are “limited to known and predictable passwords,” they are associated with admin portals, and threat actors are targeting privileged users.
Defending the enterprise network starts w ..
Support the originator by clicking the read the rest link below.
