Published on March 9th, 2013 | by NJ Ouchn
DPE Default Password Enumeration Parser and XML Database / Scheme Beta 002 released
The DPE (Default Password Enumeration) concept is an effort to provide a structured enumeration of the default logons and passwords of network devices, applications and operating systems.
The main goal is to increase the interoperability potential of “password auditing scanners”. Any tool that integrates the XML DPE scheme will be able to identify and report default access configurations on specific devices, software or operating systems.
Taking into account the benefits of SecurityMetrics standards principles, DPE integrates the CPE naming scheme (http://cpe.mitre.org) to describe information technology systems, platforms and packages, and CVE (http://cve.mitre.org) to describe the vulnerability.
DPE provides the default usernames and passwords information for the following:
- Operating Systems : Unix, Linux, Windows, iSeries AS/400 …
- Network devices : Routers, firewalls, switches, printers
- Databases : Oracle, MySQL, MS SQL and more
- Web applications : WebSphere, Apache …
- Administrative Web Based solutions
- Telephony devices and SIP systems
- Other: specific appliances.
New DPE scheme.
The information and credentials are now organized by vendor. As a result, the XML becomes easier to read and consume.
Here is a sample:
    <vendor name="advantech">
      <model cpe="cpe:/h:advantech:adam-6015" description="advantech adam-60xx module series" dpeid="dpe-2008-5848" type="scada">
        <info cve="cve-2008-5848" port="80" protocol="http"/>
        <credential password="&quot;00000000&quot;" username="none"/>
      </model>
      <model cpe="cpe:/h:advantech:adam-6017" description="advantech adam-60xx module series" dpeid="dpe-2008-5848" type="scada">
        <info cve="cve-2008-5848" port="80" protocol="http"/>
        <credential password="&quot;00000000&quot;" username="none"/>
      </model>
    </vendor>
Added a DPE id
The main idea behind this id is to associate a default credential with a CVE whenever it is possible to do so. It will facilitate the extraction of information from the DPE XML db on the basis of the CVE (or DPE id). This feature will be added for the next beta release.
For default passwords reported by CVE-2008-5848, the DPE id will be “DPE-2008-5848”.
A few modifications were made to the parser to reflect the new DPE scheme and to report more information in the output text file.
You can now check the XML DB version with the -b (or --banner) option:
    $ ./dpeparser.py --banner
    [ASCII-art "DPE Parser" banner]
    Beta 002
    Database XML build v212_p1922
v212 means 212 vendors
p1922 means 1922 passwords
It is mandatory to download this new parser.
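The following Python example is added here and is not the project's dpeparser.py: it reads a vendor-organized DPE document, retrieves default-credential records by CVE or DPE id so an auditor can flag the affected devices, and rebuilds the vNNN_pNNNN build tag. The `<dpe>` root element, the `examplecorp` vendor entry, the stripping of literal quote characters around a password, and counting `<credential>` elements as "passwords" are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the advantech block follows the post (description
# attribute trimmed); the <dpe> root and "examplecorp" are hypothetical.
SAMPLE = """<dpe>
<vendor name="advantech">
  <model cpe="cpe:/h:advantech:adam-6015" dpeid="dpe-2008-5848" type="scada">
    <info cve="cve-2008-5848" port="80" protocol="http"/>
    <credential password="&quot;00000000&quot;" username="none"/>
  </model>
  <model cpe="cpe:/h:advantech:adam-6017" dpeid="dpe-2008-5848" type="scada">
    <info cve="cve-2008-5848" port="80" protocol="http"/>
    <credential password="&quot;00000000&quot;" username="none"/>
  </model>
</vendor>
<vendor name="examplecorp">
  <model cpe="cpe:/h:examplecorp:router" type="router">
    <credential password="admin" username="admin"/>
  </model>
</vendor>
</dpe>"""
ROOT = ET.fromstring(SAMPLE)

def records(root):
    """Yield one flat dict per <credential>, with its vendor, CPE and ids."""
    for vendor in root.iter("vendor"):
        for model in vendor.iter("model"):
            info = model.find("info")  # optional: not every model has a CVE
            cve = (info.get("cve", "") if info is not None else "").lower()
            for cred in model.iter("credential"):
                yield {"vendor": vendor.get("name"), "cpe": model.get("cpe"),
                       "dpeid": model.get("dpeid", "").lower(), "cve": cve,
                       "username": cred.get("username"),
                       # assumption: wrapping quotes are not part of the password
                       "password": cred.get("password", "").strip('"')}

def lookup(root, ident):
    """Return the records whose CVE or DPE id equals ident (case-insensitive)."""
    ident = ident.lower()
    return [r for r in records(root) if ident and ident in (r["cve"], r["dpeid"])]

def mismatched_ids(root):
    """CPEs whose DPE id does not mirror the CVE (dpe-YYYY-NNNN / cve-YYYY-NNNN)."""
    return [r["cpe"] for r in records(root)
            if r["cve"] and r["dpeid"] != "dpe" + r["cve"][3:]]

def build_tag(root):
    """Rebuild the banner tag: v<vendor count>_p<credential count>."""
    return "v%d_p%d" % (len(root.findall(".//vendor")), len(root.findall(".//credential")))
```

Run against the real database file, `mismatched_ids` gives a quick consistency check of the DPE id convention before the ids are used as lookup keys in audit reports.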