In an academic/small scale development environment, where development and training are taking place on a regular basis, it is not always feasible to prevent the users from obtaining the administrator level passwords for individual systems in order to modify configuration to suit individual project needs. This is especially true in the case of academic project development. In such a scenario if the administrator passwords are common for all the systems are common the following threats emerge
a. In the case of the password leaking through one user to multiple users, malicious or accidental harm to the system could occur.
b.If the passwords are not changed frequently, data which is meant to be confidential may be accessible by unauthorized users.
c. Passwords chosen by humans are typically insecure, since most users choose passwords which are easy to crack by brute force or standard dictionary hacks.
The primary attack pattern in such a situation is one of Social Engineering wherein the attacker takes advantage of the userís lack of knowledge to gain security sensitive information about a system.
This document is in PDF format. To view it click here.