Security researchers found that IT administrators are using tens of thousands of weak passwords to protect access to portals, leaving the door open to cyberattacks on enterprise networks.
Out of more than 1.8 million administrator credentials analyzed, over 40,000 entries were “admin,” showing that the default password is widely accepted by IT administrators.
Default and weak passwords
The authentication data was collected between January and September this year through Threat Compass, a threat intelligence solution from cybersecurity company Outpost24.
Outpost24 says that the authentication credentials come from information-stealing malware, which typically targets applications that store usernames and passwords.
Although the collected data was not in plain text, the researchers say that “most of the passwords in our list could have been easily guessed in a rather unsophisticated password-guessing attack.”
“To narrow down our password list to administrator passwords, we searched the statistical data stored in the Threat Compass backend for pages identified as Admin portals. We found a total of 1.8 million passwords recovered in 2023 (January to September)” – Outpost24
Depending on its purpose, an admin portal could provide access related to configuration, accounts, and security settings. It could also allow tracking customers and orders, or provide a means for create, read, update, delete (CRUD) operations for databases.
After analyzing the collection of authentication credentials for admin portals, Outpost24 created a top 20 of the weakest authentication credentials:
01. | admin | 11. | demo |
02. | 123456 | 12. | root |
03. | 12345678 | 13. | 123123 |
04. | 1234 | 14. | admin@123 |
05. | Password | 15. | 123456aA@ |
06. | 123 | 16. | 01031974 |
07. | 12345 | 17. | Admin@123 |
08. | admin123 | 18. | 111111 |
09. | 123456789 | 19. | admin1234 |
10. | adminisp | 20. | admin1 |
The researchers warn that although the entries above are “limited to known and predictable passwords,” they are associated with admin portals, and threat actors are targeting privileged users.
Defending the enterprise network starts with applying baseline security principles like using long, strong, and unique passwords for every account, especially for users with access to sensitive resources.
To keep safe from info-stealing malware, Outpost24 recommends using an endpoint and detection response solution, disabling password saving and auto-fill options in web browsers, checking domains when a redirection occurs, and steering away from cracked software.