The Risks of Default Software Configurations: The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory on the security risks that come with the default configurations of software, services, and applications.
Default configurations of software and applications is one of the items in the NSA-CISA Top 10 Cybersecurity Misconfigurations for Organizations, recently released and based on what the agencies' red and blue teams repeatedly found in real networks.
This news item looks at what those default settings imply for defenders and how malicious actors exploit them.
Key Takeaways on the Risks of Default Software Configurations:
- Common Default Configuration Risks: Default settings in systems, services, and applications are chosen for ease of setup, not security, and if left in place they can give an attacker unauthorized access or a foothold for further malicious activity.
- Default Credentials Vulnerability: Default usernames and passwords shipped by software and device manufacturers are publicly documented, so threat actors can use them directly to gain authenticated access.
- Insecure Services and Protocols: Insecure legacy protocols and services, whether enabled by default or turned on inadvertently, expose networks to name-resolution poisoning, credential theft, and relay attacks.
Understanding Default Software Configurations
The NSA and CISA have jointly released a cybersecurity advisory focusing on the potential risks posed by default configurations of software, services, and applications. These defaults, if left unchanged, can become gateways for malicious actors to exploit.
Default Credentials: A Major Concern
One significant concern highlighted by the advisory is the prevalence of default credentials shipped by software and device manufacturers.
These default usernames and passwords are publicly documented and often left unchanged by users and administrators, making them prime targets for exploitation:
- Easy Access: Threat actors can easily find and use default credentials to gain authenticated access to devices or systems.
- Password Reset Exploitation: Malicious actors can reset built-in administrative accounts using predictable forgotten password questions.
- VPN Access: Default virtual private network (VPN) credentials can be leveraged for unauthorized internal network access.
- Web Application Vulnerabilities: Default credentials for web applications, when discovered, can provide unauthorized access to applications and databases.
- Code Execution: Default credentials in software deployment tools can be exploited for code execution and lateral movement within a network.
This is not limited to traditional network devices: printers, scanners, security cameras, and other IoT devices commonly ship with default credentials as well, and they are frequently forgotten during hardening.
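The check a defender wants after reading the list above is whether anything in their own estate still answers to a vendor default. The following is an added example, not code from the advisory or the original article: a PowerShell sweep that tries HTTP Basic-auth credential pairs against a list of management interfaces you are authorized to test. The host names and the credential pairs are constructed placeholders; replace them with your own inventory and with the defaults documented for the products you actually run. It first confirms that the URL really requires authentication, so an unauthenticated landing page does not produce a false "accepted".

```powershell
# Added example (not part of the NSA/CISA advisory or the original article).
# Sweep management interfaces you own for vendor default HTTP Basic-auth credentials.
# Hosts and credential pairs below are constructed placeholders.

function Test-DefaultWebCredential {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]]    $Target,       # URLs that should require authentication
        [Parameter(Mandatory)] [hashtable[]] $DefaultPair,  # @{ User = '...'; Password = '...' }
        [int] $TimeoutSec = 5
    )

    # Helper: send one request, return the HTTP status or $null on any failure (401, 403, timeout...).
    function Invoke-Probe([string] $Url, [hashtable] $Headers) {
        try {
            $resp = Invoke-WebRequest -Uri $Url -Headers $Headers -Method Get `
                        -TimeoutSec $TimeoutSec -UseBasicParsing -ErrorAction Stop
            return [int]$resp.StatusCode
        } catch {
            return $null
        }
    }

    foreach ($url in $Target) {
        # Baseline: if the URL answers 2xx with no credentials, a later 2xx proves nothing.
        $baseline = Invoke-Probe -Url $url -Headers @{}
        if ($baseline -ne $null -and $baseline -ge 200 -and $baseline -lt 300) {
            [pscustomobject]@{ Target = $url; User = $null; Result = 'NoAuthRequired' }
            continue
        }

        foreach ($pair in $DefaultPair) {
            # Build the Basic header by hand so this runs on Windows PowerShell 5.1 and PowerShell 7 alike.
            $raw    = '{0}:{1}' -f $pair.User, $pair.Password
            $token  = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes($raw))
            $status = Invoke-Probe -Url $url -Headers @{ Authorization = "Basic $token" }

            $result = if ($status -ne $null -and $status -ge 200 -and $status -lt 300) { 'DefaultAccepted' } else { 'Rejected' }
            [pscustomobject]@{ Target = $url; User = $pair.User; Result = $result }
        }
    }
}

# Constructed sample inventory and generic credential pairs (placeholders, not vendor data).
$targets  = @('https://printer01.corp.example/', 'https://cam-lobby.corp.example/')
$defaults = @(
    @{ User = 'admin'; Password = 'admin' },
    @{ User = 'admin'; Password = 'password' }
)

Test-DefaultWebCredential -Target $targets -DefaultPair $defaults |
    Where-Object { $_.Result -ne 'Rejected' } |
    Format-Table -AutoSize
```

Appliances with self-signed certificates will fail the TLS handshake and show up as Rejected; on PowerShell 7 add -SkipCertificateCheck to the Invoke-WebRequest call for those hosts rather than switching to plain HTTP, which would send the credentials in the clear. Devices that use form-based login instead of HTTP Basic need a different probe and are not covered by this sweep.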
Risks of Default Service Permissions and Configurations
Certain services ship with overly permissive access controls or insecure default configurations.
Some of them are on by default; others are not, but can still be abused once a user or administrator enables them without hardening them:
- Insecure Active Directory Certificate Services: If AD CS is misconfigured, for example with certificate templates that let low-privileged users enroll for certificates usable for authentication, an attacker can obtain fraudulent certificates, escalate privileges, and gain unauthorized access to the domain.
- Insecure Legacy Protocols/Services: Vulnerable legacy name-resolution services such as Link-Local Multicast Name Resolution (LLMNR) and NetBIOS Name Service (NBT-NS) are enabled by default on Windows. Malicious actors on the local network answer queries for names that do not resolve, which lets them identify hosts and capture the credentials (such as NTLM hashes) that the querying machine sends, leading to system access.
- Insecure Server Message Block (SMB) Service: Even on current Windows versions, SMB signing is not required by default, which leaves SMB sessions susceptible to machine-in-the-middle attacks such as NTLM relay, typically chained with the name-resolution poisoning above.
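The three Windows defaults named above can be audited, and corrected, from an elevated PowerShell session. The following is an added example, not from the advisory or the original article: it reports whether LLMNR is disabled by policy, which adapters still have NetBIOS over TCP/IP on, and whether SMB signing is merely enabled (advertised) or actually required, and with -Remediate it applies the hardened settings. The registry key and values, WMI method, and SMB cmdlets are the standard Windows ones; the function name is this example's own. Test before applying: requiring SMB signing breaks clients that cannot sign, and disabling NetBIOS breaks anything still relying on NetBIOS name lookups.

```powershell
# Added example (not part of the NSA/CISA advisory or the original article).
# Audit and optionally harden LLMNR, NBT-NS, and SMB signing on the local host. Run elevated.

function Get-LegacyNameResolutionAndSmbState {
    [CmdletBinding()]
    param([switch] $Remediate)

    # --- LLMNR: the DNSClient policy value EnableMulticast = 0 turns it off (same setting Group Policy writes).
    $llmnrKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
    $llmnr = (Get-ItemProperty -Path $llmnrKey -Name EnableMulticast -ErrorAction SilentlyContinue).EnableMulticast
    $llmnrDisabled = ($llmnr -eq 0)
    if ($Remediate -and -not $llmnrDisabled) {
        New-Item -Path $llmnrKey -Force | Out-Null
        Set-ItemProperty -Path $llmnrKey -Name EnableMulticast -Value 0 -Type DWord
        $llmnrDisabled = $true
    }

    # --- NBT-NS: TcpipNetbiosOptions is per adapter; 2 = NetBIOS over TCP/IP disabled.
    $adapters = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
    $nbtOn = @($adapters | Where-Object { $_.TcpipNetbiosOptions -ne 2 })
    if ($Remediate -and $nbtOn.Count -gt 0) {
        foreach ($a in $nbtOn) {
            Invoke-CimMethod -InputObject $a -MethodName SetTcpipNetbios `
                -Arguments @{ TcpipNetbiosOptions = 2 } | Out-Null
        }
        $nbtOn = @()
    }

    # --- SMB signing: EnableSecuritySignature only advertises support; RequireSecuritySignature defeats relay.
    $srv = Get-SmbServerConfiguration
    $cli = Get-SmbClientConfiguration
    if ($Remediate) {
        if (-not $srv.RequireSecuritySignature) { Set-SmbServerConfiguration -RequireSecuritySignature $true -Force }
        if (-not $cli.RequireSecuritySignature) { Set-SmbClientConfiguration -RequireSecuritySignature $true -Force }
        $srv = Get-SmbServerConfiguration
        $cli = Get-SmbClientConfiguration
    }

    [pscustomobject]@{
        LlmnrDisabled            = $llmnrDisabled
        AdaptersWithNbtNsOn      = @($nbtOn | ForEach-Object { $_.Description })
        SmbServerSigningEnabled  = [bool]$srv.EnableSecuritySignature
        SmbServerSigningRequired = [bool]$srv.RequireSecuritySignature
        SmbClientSigningRequired = [bool]$cli.RequireSecuritySignature
    }
}

# Audit only (prints one object with the current state):
Get-LegacyNameResolutionAndSmbState

# Audit and fix:
# Get-LegacyNameResolutionAndSmbState -Remediate
```

In a domain, push the same three settings through Group Policy rather than host by host: the LLMNR value is "Turn off multicast name resolution" under the DNS Client policies, and the SMB values are the "Microsoft network server/client: Digitally sign communications (always)" security options; the script above is useful for verifying that the policy actually landed on a given machine.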
Conclusion
Addressing default software configurations is a critical aspect of cybersecurity. Organizations must change default credentials before a system goes into service, harden the configuration of the services they keep, and disable the legacy protocols and services they do not need.
Software manufacturers also play a vital role: adopting secure-by-design principles, shipping hardened defaults, and eliminating default passwords removes these misconfigurations before a customer ever has to find them.
In short, treating every default as untrusted until it has been reviewed, and taking a proactive approach to securing software and services, is essential to safeguard against these threats.
About NSA and CISA: The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) are government agencies committed to enhancing the cybersecurity posture of organizations and critical infrastructure in the United States. Their collaborative efforts aim to address cybersecurity challenges and protect against evolving threats.