CIRT.net – Default Password Database 3.5 3.5.7 3.5.8 3.5.9 csc4.2 Identification and Authentication
Consolidation of default passwords for commercial software and hardware products.
SEARCH RESULTS
Open Web Application Security Project (OWASP) – Cryptographic Storage Cheat Sheet 3.5 3.5.10 3.5.11 3.5.7 3.5.8 3.5.9 csc4.2 Identification and Authentication
This article provides a simple model to follow when implementing solutions to protect data at rest. Passwords should not be stored using reversible encryption - secure password hashing algorithms should be used instead.
Open Web Application Security Project (OWASP) – Testing for Account Enumeration and Guessable User Account 3.5.2 3.5.7 3.5.8 3.5.9 csc4.2 Identification and Authentication
The scope of this test is to verify if it is possible to collect a set of valid usernames by interacting with the authentication mechanism of the application.
Open Web Application Security Project (OWASP) – Testing for Default Credentials 3.5 3.5.10 3.5.11 3.5.7 3.5.8 3.5.9 csc4.2 Identification and Authentication
This link discusses the process of testing web applications for default credentials.
SANS – Password Construction Guidelines 3.5 3.5.10 3.5.2 3.5.7 3.5.8 3.5.9 Identification and Authentication
This SANS guideline provides best practices for creating secure passwords.
SANS – Password Protection Policy 3.5 3.5.10 3.5.2 3.5.7 3.5.8 3.5.9 Identification and Authentication
This is a sample password protection policy from SANS.
SANS Whitepaper – Vendor-Supplied Backdoor Passwords – A Continuing Vulnerability 3.5.7 3.5.8 3.5.9 csc4.2 Identification and Authentication
This SANS whitepaper discusses vendor-supplied passwords that are embedded in software/hardware.
US-CERT – Risks of Default Passwords on the Internet 3.5.7 3.5.8 3.5.9 csc4.2 Identification and Authentication
US-CERT alert that reviews the risk associated with default passwords on internet-connected systems.