Unchanged default values set into systems at the factory or in
a standard distribution process are known to and exploited by attackers to
gain unauthorized access. Examples include default passwords, default
accounts, and default protection settings.
Complexity: It may be quite
difficult to create a comprehensive list of appropriate defaults for any
nontrivial system because the optimal settings are determined by the
application. No substantial mathematics has been done on analyzing the
complexity of finding proper settings, but many lists of improper defaults
published for select operating systems appear to require only time and
space linear in the number of files in a system in order to verify and
correct mis-settings.
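The linear verify-and-correct pass described above, as an added example that is not part of the original entry: one walk over a file tree compares each file's permission bits with a list of improper settings and optionally corrects them. The rule list, file names and modes are constructed for illustration.

```python
import fnmatch
import os
import stat
import tempfile

# Constructed baseline (assumption, not from the page): glob pattern ->
# permission bits that must NOT be set. First matching rule wins.
FORBIDDEN_BITS = [
    ("*.key", 0o077),   # private keys: no group/other access at all
    ("*.conf", 0o022),  # configuration: not group/other writable
    ("*", 0o002),       # everything else: not world-writable
]

def audit(root, rules=FORBIDDEN_BITS, fix=False):
    """Visit each file under root once; return [(relpath, old_mode, new_mode)]."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks and special files; chmod would follow links
            mode = stat.S_IMODE(st.st_mode)
            bad = next((bits for pat, bits in rules if fnmatch.fnmatch(name, pat)), 0)
            if mode & bad:
                wanted = mode & ~bad
                if fix:
                    os.chmod(path, wanted)
                findings.append((os.path.relpath(path, root), mode, wanted))
    return sorted(findings)

def demo():
    """Build a constructed sample tree, audit and correct it, then audit again."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "etc"))
        sample = {"etc/app.conf": 0o666, "etc/server.key": 0o644,
                  "readme.txt": 0o644, "notes.txt": 0o666}
        for rel, mode in sample.items():
            path = os.path.join(root, rel)
            open(path, "w").close()
            os.chmod(path, mode)  # chmod ignores umask
        # Tuple elements evaluate left to right: correcting pass, then re-check.
        return audit(root, fix=True), audit(root)

if __name__ == "__main__":
    before, after = demo()
    for rel, old, new in before:
        print(f"{rel}: {old:04o} -> {new:04o}")
```

Each file is examined once with a single `lstat`, so the work grows linearly with the number of files; choosing the rule list for a given application remains the hard part the entry describes.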
fc@red.a.net