DPE - Default Password Enumeration

DPE is the security-database naming scheme that provides structured enumeration of default logons and passwords of network devices, applications and Operating Systems.

The main goal is to increase interoperability between password auditing scanners.
Any tool that integrates the DPE XML scheme will be able to identify and report default access configurations on specific devices, software or operating systems.

Taking into account the benefits of SecurityMetrics standards principles, DPE integrates the CPE naming scheme (mitre.org) to describe information technology systems, platforms and packages.

DPE provides default username and password information for the following:

  • Operating Systems : Unix, Linux, Windows, iSeries AS/400 ...
  • Network devices : Routers, firewalls, switches, printers
  • Databases : Oracle, MySQL, MS SQL and more
  • Web applications : WebSphere, Apache ...
  • Administrative Web Based solutions
  • Telephony devices and SIP systems
  • Other: specific appliances.

Why DPE?

During a security evaluation, auditors do not have a fast and simple way to identify at a glance the default access parameters of a targeted device.
In fact, most of them use a simple brute-force utility to try every logon/password pair. On the one hand, this can be a time-consuming stage; on the other, it may cause an indirect denial of service (account lockouts, IP banning, raised alarms ...).

Security-Database solves the problem by creating the DPE (Default Password Enumeration).
Now every piece of software that integrates the DPE scheme along with the latest password database can test the appropriate default logon/password.

Examples of use

  • Manually testing usernames/passwords from security-database.com/dpe.php
  • Using automated XML / XSD parser software to read and test default entries. Note that the software should be able to handle the protocol communications (HTTP, HTTPS, SNMP, SSH, TELNET, FTP ...).

Benefits of the DPE efforts

  • Unifying password database information.
  • Standardizing the testing of default accesses.
  • Reducing the password testing process.
  • Minimizing the risks of lockouts and denial of service during the security assessment.

Submission Guides

DPE XML entries, changes, modifications or comments can be emailed to security-database.com by registered members. The entries will be reviewed by a DPE Board prior to being posted on the repository.

To submit DPE entries, the following requirements apply:

  • Before submitting any data, please validate your content using the DPE schema.
  • Duplicate entries will not be taken into account.

For any direct or specific request, feel free to send an email to info at security-database dot com

Samples - XML DPE Database Snapshot

<?xml version="1.0" encoding="utf-8"?>
<DPE xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
	xmlns:meta="http://dpe.security-database.com/dictionary/0.3" 
 	xmlns="http://dpe.security-database.com/dictionary/0.3" 
	xsi:schemaLocation="http://dpe.security-database.com/dictionary/0.3 http://www.security-database.com/dpe/DPE_DatabaseDraft.xsd">
    <generator>
        <product_name>DPE Database</product_name>
        <product_version>0.3</product_version>
        <schema_version>0.3</schema_version>
        <timestamp>2008-07-05T17:19:17</timestamp>
    </generator>
    <Vendor name="Cisco" information="http://www.cisco.com">
        <Product name="Routers">
            <Model version="2600" CPE="cpe:/h:cisco:router_2600">
                <Value username="Administrator" 
                       password="Admin" 
                       protocol="Telnet" 
                       accessgranted="Administrator" 
                       defaultservicenumber="21"/>
                <Value username="cisco" 
                       password="" 
                       protocol="Telnet" 
                       accessgranted="Administrator" 
                       defaultservicenumber="21"/>
            </Model>
            <Model version="3600" CPE="cpe:/h:cisco:router_3600">
                <Value username="Administrator" 
                       password="admin" 
                       protocol="Telnet" 
                       accessgranted="Guest" 
                       defaultservicenumber="21"/>
            </Model>
        </Product>
        <Product name="Firewalls">
            <Model version="Pix 6.3" CPE="cpe:/o:cisco:pix_firewall:6.3">
                <Value username="Enable" 
                       password=""
                       protocol="Console"
                       accessgranted="Administrator"
                       defaultservicenumber=""/>
                <Value username=""
                       password="cisco"
                       protocol="Telnet"
                       accessgranted="User"
                       defaultservicenumber="21"/>
            </Model>
        </Product>
    </Vendor>
</DPE>
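
Added example, not code from the DPE project: it parses a trimmed copy of the snapshot above, indexes the entries by CPE name, and flags accounts in an asset inventory that still match a listed default, so only the entries for the matching platform are ever compared. The inventory, host names and function names are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"dpe": "http://dpe.security-database.com/dictionary/0.3"}

# Trimmed copy of the page's sample snapshot (generator block and one model omitted).
DPE_XML = """<DPE xmlns="http://dpe.security-database.com/dictionary/0.3">
  <Vendor name="Cisco" information="http://www.cisco.com">
    <Product name="Routers">
      <Model version="2600" CPE="cpe:/h:cisco:router_2600">
        <Value username="Administrator" password="Admin" protocol="Telnet" accessgranted="Administrator" defaultservicenumber="21"/>
        <Value username="cisco" password="" protocol="Telnet" accessgranted="Administrator" defaultservicenumber="21"/>
      </Model>
    </Product>
    <Product name="Firewalls">
      <Model version="Pix 6.3" CPE="cpe:/o:cisco:pix_firewall:6.3">
        <Value username="" password="cisco" protocol="Telnet" accessgranted="User" defaultservicenumber="21"/>
      </Model>
    </Product>
  </Vendor>
</DPE>"""

# Constructed inventory (hypothetical hosts), e.g. built from exported device configurations.
INVENTORY = [
    {"host": "rtr-lab-01", "cpe": "cpe:/h:cisco:router_2600",
     "accounts": [("Telnet", "cisco", ""), ("Telnet", "Administrator", "admin")]},
    {"host": "fw-lab-01", "cpe": "cpe:/o:cisco:pix_firewall:6.3", "accounts": [("Telnet", "", "cisco")]},
    {"host": "rtr-lab-02", "cpe": "cpe:/h:cisco:router_3600", "accounts": [("Telnet", "Administrator", "admin")]},
]

def load_dpe(xml_text):
    """Index DPE entries as CPE name -> set of (protocol, username, password)."""
    index = defaultdict(set)
    root = ET.fromstring(xml_text)  # for feeds you do not control, use a hardened parser (e.g. defusedxml)
    for model in root.iterfind(".//dpe:Model", NS):
        for v in model.iterfind("dpe:Value", NS):
            # Empty username/password attributes are meaningful entries, so keep them as "".
            index[model.get("CPE")].add((v.get("protocol", "").lower(), v.get("username", ""), v.get("password", "")))
    return index

def audit(inventory, index):
    """Return (host, protocol, username) for accounts equal to a DPE default for that CPE."""
    findings = []
    for asset in inventory:
        defaults = index.get(asset["cpe"], set())  # unknown CPE: nothing to compare
        for proto, user, pw in asset["accounts"]:
            if (proto.lower(), user, pw) in defaults:  # passwords compared case-sensitively
                findings.append((asset["host"], proto, user))
    return findings
```

The `Administrator`/`admin` account on `rtr-lab-01` is not flagged because the 2600 entry lists `Admin`, and `rtr-lab-02` is skipped because the trimmed data has no 3600 model.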
 

DPE - Database Repository

soon