Linked by Eugenia Loli on Wed 7th Dec 2005 22:55 UTC, submitted by LogError
Privacy, Security, Encryption
Every security-savvy professional lives with the daily fear of the "never expiring password" being exposed. It's the unspoken taboo, the wide open back door in every corporate network. But no-one ever acknowledges it or discusses it. All applications have got pre-defined passwords that never change. Which means developers, privileged users and hosting third-party service providers will all have access to these passwords.
Unconvinced
by flypig on Thu 8th Dec 2005 02:18 UTC

I have no doubt that the problem of "never changing passwords" is a genuine concern, but I have difficulty believing that there are really that many applications with *hard coded* passwords. Can it really be the case that "It is virtually certain that there is not a single business critical application in your company that isn't wide open"?

It's also not clear to me how digital vaulting can eliminate the problem, without all of those badly written applications having to be re-implemented at the very least.

Sorry for being so very cynical! But the article would be more convincing if it hadn't been written by the European Director of Cyber-Ark (http://www.net-security.org/article.php?id=844), who are the "networking company behind vaulting technology" (http://www.cyber-ark.com/cyber-ark/index.asp).

Edited 2005-12-08 02:20

Reply Score: 2