Professional Documents
Culture Documents
7-Assessing SSH Service
7-Assessing SSH Service
admin, cisco, enable, hsa, pix, admin, Admin123, default, password, secur4u, cisco, Cisco, _Cisco, cisco123,
Cisco pnadmin, ripeop, root, shelladmin C1sco!23, Cisco123, Cisco1234, TANDBERG, change_it, 12345, ipics,
pnadmin, diamond, hsadb, c, cc, attack, blender, changeme
root, nsroot, nsmaint, vdiadmin, C1trix321, nsroot, nsmaint, kaviza, kaviza123, freebsd,public, rootadmin,
Citrix kvm, cli, admin wanscaler
D-Link admin, user private, admin, user
Dell root, user1, admin, vkernel, cli calvin, 123456, password, vkernel, Stor@ge!, admin
EMC admin, root, sysadmin EMCPMAdm7n, Password#1, Password123#, sysadmin,changeme, emc
admin, password, hpinvent, iMC123, pvadmin, passw0rd, besgroup, vcx,
HP/3Com admin, root, vcx, app, spvar, nice, access, config, 3V@rpar, 3V#rpar, procurve, badg3r5, OpC_op, !
manage, hpsupport, opc_op manage, !admin
Default username and password values (2)
Vendor Usernames Passwords
123456, admin, root, Admin123, Admin@storage,Huawei12#$, HwDec@01,
Huawei admin, root hwosta2.0, HuaWei123, fsp200@HW, huawei123
USERID, admin, manager, mqm,
IBM db2inst1, db2fenc1, dausr1, PASSW0RD, passw0rd, admin, password, Passw8rd, iadmin, apc, 123456,
db2admin, iadmin, system, cust0mer
device, ufmcli, customer
Juniper netscreen netscreen
NetApp admin netapp123
Oracle root, oracle, oravis, applvis, ilom- changeme, ilom-admin, ilom-operator, welcome1, oracle
admin, ilomoperator, nm2user
vi-admin, root, hqadmin, vmware,
VMware admin vmware, vmw@re, hqadmin, default
Details of hardcoded SSH keys
CVE reference Notes
CVE-2014-2198 Cisco Unified CDM before 4.4.2 has a hardcoded SSH private key, making it possible for attackers to
access support and root accounts remotely
CVE-2012-1493 F5 Networks BIG-IP appliances use a hardcoded private key, which grants remote super-user access via
SSH
SSH Server Software Flaws
Remotely exploitable SSH vulnerabilities
CVE reference Implementation Notes
OpenSSH 6.9 and prior does not restrict processing of keyboard-interactive
CVE-2015-5600 OpenSSH authentication sessions, which can be abused to bypass the MaxAuthTries directive
and perform unrestricted brute-force password grindinga
Remote command execution zero-day flaw in Sun SSH version 1.5 and prior, running
– Oracle Solaris on Oracle Solaris 11 and 10 (as found within the Asset Portfolio PDF available via
WikiLeaksb)
Memory corruption within the SSH service running on multiple Dell
CVE-2013-3594 Dell PowerConnect PowerConnectswitches can result in remote code execution
Scanlance devices with firmware before 4.5.4 make it possible for remote attackers
CVE-2013-4652 Siemens Scanlance to bypass authentication via SSH or Telnet
CVE-2013-4434 Dropbear SSH Username enumeration flaw within Dropbear SSH 2013.58