Posted by: Jerry Lees
default passwords, factory default, lost password, Networking, password, routers, Security
In this installment, I thought I’d take a quick break from VBScript and give you a little networking information I stumbled upon.
Recently, at my current job site we had a situation where the client didn’t know the router password because a series of network administrators had left and the password was simply “lost in the shuffle”. Of course, you all know this is not a good situation to be in if you need to preform network maintenance or want to upgrade a portion of the network somehow.
Of course the only thing we could hope for was that the previous network administrators had NOT been security minded and left the router passwords blank, or that there had not been a console password configured… so started off with trying to figure out what the factory default passwords were for the particular router we were working with at the moment. In our search I found a really awesome resource, that will be invaluable if this ever happens to you here. This site has all the major player’s factory default router passwords in a database, simply select your manufacturer and click find password. Where you are then presented with the known factory default router passwords for specific models from the manufacturer! Awesomeness!
Well, as luck would have it, the last guy didn’t follow standard security practices and this site had the default router password we needed. We were able to get in and get the job done– and change the password when we were done. Plus, after such a scare, the client is sure to not let this happen again.
Now, we got lucky (and so did the client after years of service from the router with default passwords), but what if you need to get into a router and the password has been set to something other than default? Well, this situation is a bit harder– but not impossible. You need to see if you can get onto the console of the router, most major manufacturers have a mechanism for you to plug directly into a router with a serial cable and change settings. Hopefully, this will NOT have a console password– if it does try the defaults, just in case.
Once in, get a dump or output of the configuration. Then you will need to follow the manufacturers method to change the password. Should the console connection not have enough security to change the passwords– you may have to set the router to factory defaults. Be sure if you do this you have the configuration completely and you are prepared to rebuild it. I would not recommend you do this unless you have either done this before or you have 24/7/365 support and have the support folks on the phone while you do it.
Here is my recommendation (and I’ll probably get many security folks commenting differently) , but assuming the router is in a secured place, (a hall closet or the CEO’s office does not count) and locked away so only authorized people can get to it, I almost always leave no password on the console for cases just like this one I’ve mentioned.
Hopefully this helps someone out there and good luck!