CIRT.net – Default Password Database 3.5 3.5.7 3.5.8 3.5.9 csc4.2 Identification and Authentication
Consolidation of default passwords for commercial software and hardware products.
SEARCH RESULTS
Nikto2 – Web Application Scanner 3.5.7 3.5.8 3.5.9 csc4.2 Identification and Authentication
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items.
Open Web Application Security Project (OWASP) – Testing for Account Enumeration and Guessable User Account 3.5.2 3.5.7 3.5.8 3.5.9 csc4.2 Identification and Authentication
The scope of this test is to verify if it is possible to collect a set of valid usernames by interacting with the authentication mechanism of the application.
Open Web Application Security Project (OWASP) – Testing for Default Credentials 3.5 3.5.10 3.5.11 3.5.7 3.5.8 3.5.9 csc4.2 Identification and Authentication
This link discusses the process of testing web applications for default credentials.
SANS – Password Construction Guidelines 3.5 3.5.10 3.5.2 3.5.7 3.5.8 3.5.9 Identification and Authentication
This SANS guideline provides best practices for creating secure passwords.
SANS – Password Protection Policy 3.5 3.5.10 3.5.2 3.5.7 3.5.8 3.5.9 Identification and Authentication
This is a sample password protection policy from SANS.
SANS Whitepaper – Vendor-Supplied Backdoor Passwords – A Continuing Vulnerability 3.5.7 3.5.8 3.5.9 csc4.2 Identification and Authentication
This SANS whitepaper discusses vendor-supplied passwords that are embedded in software/hardware.
US-CERT – Risks of Default Passwords on the Internet 3.5.7 3.5.8 3.5.9 csc4.2 Identification and Authentication
US-CERT alert that reviews the risk associated with default passwords on internet-connected systems.