Changeable default passwords are not seen as vulnerabilities by ICS-CERT, but should they be?
Source: CSO Online - Posted by Anthony Pell   
Host Security While responding to a vulnerability report submitted in April, ICS-CERT told a researcher that documented, changeable default passwords are not vulnerabilities. But given the risk behind default passwords and the focus on critical infrastructure security, shouldn't such things be considered an issue? Darius Freamon, a researcher from South Carolina, reported a vulnerability in an ICS (Industrial Control System) used for Solar power generation last April. ICS-CERT, a division of the U.S. Department of Homeland Security that focuses on risk across critical infrastructure, told him that the flaw he disclosed in Solare Datensysteme wasn't valid.

Read this full article at CSO Online

Only registered users can write comments.
Please login or register.

Powered by AkoComment!