Info

Disclosure

Sep 12, 2002

Discovery

Sep 12, 2002

Dates

Exploit

Unknown

Solution

Unknown

Description

By default, Linksys routers install with a default password. The administrative account has a password of admin which is publicly known and documented. This allows attackers to trivially access the program or system.

Classification

Location: Remote/Network Access Required
Attack Type: Authentication Management, Misconfiguration
Impact: Loss of Integrity, Loss of Availability
Solution: Change Default Setting
Exploit: Exploit Available
Disclosure: Vendor Verified, Third Party Verified
OSVDB: Best Practice

Solution

Immediately after installation, change all default install passwords to a unique and secure password. When possible, change default accounts to custom names as well.

Products

Cisco Systems, Inc.

Router

All Versions

References

Generic Informational URL: http://www.cirt.net/cgi-bin/passwd.pl?method=showven&ven=Linksys

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218