certigo icon indicating copy to clipboard operation
certigo copied to clipboard

Published 20 hours ago verified publisher icon square

Automatically try "well known" passwords

Open mcpherrinm opened this issue 6 years ago • 3 comments

Many java trust stores are "protected" with the default password changeit. Password protection often provides little value when the files are protected, perhaps in a secrets management system.

Other passwords I have seen from a github search for "keytool storepass" and we could guess:

changeit changeme keystore CHANGE ponies ez24get storepass Storepass password passphrase secret 123456

mcpherrinm avatar Nov 06 '18 05:11 mcpherrinm

notasecret CHANGEIT

mcpherrinm avatar Nov 06 '18 05:11 mcpherrinm

OH: The letter a is another I've seen

mcpherrinm avatar Nov 06 '18 05:11 mcpherrinm

OH: The letter a is another I've seen

"Please choose a password" - done!

mweissbacher avatar Jul 11 '19 20:07 mweissbacher