We have a requirement to monitor for default username/password combinations left on our boxes. Just wondering how you all are handling this? Any open source tools? I was pretty much going to write a giant SSH in a loop thing. But thought there might be a smarter (free) way of doing this. Bonus points if it can work on Juniper Firewalls too.
Code: Select all
"2.1.a Choose a sample of system components, and attempt to log on (with system administrator help) to the devices and applications using default vendor-supplied accounts and passwords, to verify that ALL default passwords (including those on operating systems, software that provides security services, application and system accounts, POS terminals, and Simple Network Management Protocol (SNMP) community strings) have been changed. (Use vendor manuals and sources on the Internet to find vendor-supplied accounts/passwords.)"