Content Error or Suggest an Edit
Notice a grammatical error or technical inaccuracy? Let us know; we will give you credit!
Introduction
There was a post on Facebook that was brought to my attention. The user was seeing a high cpu load on his server from a process that wasn’t a normal process name, it was concluded that their server had been hacked and was now either attack other websites or mining crypto.
The user had installed Cyberpanel and choose the default password method during the setup, and most likely an automated scan found their Cyberpanel instance on port 7080 and was able to login using the default login.
Why are default passwords a problem?
Well, CISA says that hardware and software vendors should not be using default passwords for their products. Here’s a direct link to the post by CISA
https://www.cisa.gov/news-events/alerts/2013/06/24/risks-default-passwords-internet
Here’s a better breakdown from Bleeping Computer.
Now, some might blame the person who installed Cyberpanel, which is valid. You should be changing default passwords as a security standard. But as CISA notes.
Years of evidence have demonstrated that relying upon thousands of customers to change their passwords is insufficient, and only concerted action by technology manufacturers will appropriately address severe risks facing critical infrastructure organizations
Why hasn’t the default password in CyberPanel been addressed?
There was a PR submitted to fix this by Nick Chomey, but was ignored by the maintainer of Cyberpanel.
So I opened an issue on the Github repository for Cyberpanel to see if it would get some traction.
There is also a post on their forum talking about this same situation.
I took a screenshot incase they delete the issue and PR.