Default password

[citation needed] Default passwords are one of the major contributing factors to large-scale compromises of home routers.

[2][3][4][5] There are several Proof-of-Concept (POC), as well as real world worms running across internet, which are configured to search for systems set with a default username and password.

Voyager Alpha Force, Zotob, and MySpooler are a few examples of POC malware which scan the Internet for specific devices and try to log in using the default credentials.

Once devices have been compromised by exploiting the Default Credential vulnerability, they can themselves be used for various harmful purposes, such as carrying out Distributed Denial of Service (DDoS) attacks.

In one particular incident, a hacker was able to gain access and control of a large number of networks including those of University of Maryland, Baltimore County, Imagination, Capital Market Strategies L, by leveraging the fact that they were using the default credentials for their NetGear switch.

WiFi Router with default password "password"