DPE (Default Password Enumeration) security standard launched.

We are again proud and happy to announce that we have just launched a new Enumeration Project with the hope it will be useful for the security community as a new standard.

It can then be used along with softwares that integrates standards as well as OVAL, SCAP and others.

DPE is the security-database naming scheme that provides structured
enumeration of default logons and passwords of network devices,
applications and Operating Systems.

The main goal is to increase the "password auditing scanners"
interoperability potential.
Any kind of tool integrating the XML DPE scheme will be able to identify
and report default access configurations on specific devices, softwares or
operating systems.

Taking into account the benefits of SecurityMetrics standards principles,
DPE integrates the CPE naming scheme to describe
information technology systems, plateforms and packages.

DPE provides the default usernames and passwords information for the
following :

  • Operating Systems : Unix, Linux, Windows, iSeries AS/400 ...
  • Network devices : Routers, firewalls, switches, printers
  • Databases : Oracle, MySQL, MS SQL and more
  • Web applications : WebSphere, Apache ...
  • Administrative Web Based solutions
  • Telephony devices and SIP systems
  • Other: specific applicances.