The Top 10 Not So Common SSH Usernames and Passwords, (Wed, Oct 16th)

SANS Internet Storm Center, InfoCON: green 2024-10-16

Our list of "Top" ssh usernames and password is pretty static. Well known defaults, like "root" and "admin" are at the top of the list. But there are always some usernames and password in the list that are not as well known, or only showed up more recently. I will focus in this diary on these "second tier" credentials.

345gs5662d34

Used by Polycom CX600 IP phones, this password often shows up in the username field (as other passwords do) if sloppy bots do enter it into the wrong field.

zyfwp

A backdoor account in Zyxel equipment. It was found by Rapid 7 (and later removed by Zyxel) in 2020.

yhtcAdmin

Used in "Youhua PT939G" fiber routers.

 vadmin

The default username for the web hosting platform LiteSpeed. Can be used via SSH or HTTP.

telecomadmin

The username used by Huawei ONT HG8245H5 fiber termination kit.

chenzilong

Not sure. But it may be a popular Chinese character. Maybe anybody reading this knows?

7ujMko0admin

Some Dahua network NVRs use this telnet/ssh password. They are pretending the string "7ujMko0" to the web password, which by default is "admin".

a1sev5y7c39k

The default password for some unspecified routers using the Realtek chipset.

Xpon@Olt9417#

V*SOL GPON OLT default password

ve0RbANG

used with the "YhtcAdmin" username for Youhua PT939G optical network termination equipment. The same device also uses Admin/1234 and Admin/Telecom_1234. .

You can look at our top password list here:

https://isc.sans.edu/data/ssh.html

I will add some of the details about our username and password pages as you look up a particular password. For example:

https://isc.sans.edu/ssh_usernames.html?username=345gs5662d34

 

--- Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu Twitter|

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.