IP Camera Passwords - Axis, Dahua, Samsung

Author: Ethan Ace, Published on Oct 15, 2014

IP cameras are famous / infamous for weak default passwords that can lead to major problems. See our IP Cameras Default Passwords Directory for examples.

However, in the last few years that is starting to change.

In this note, we look at password procedures for Axis, Dahua and Samsung, explaining why and which are strong, moderate or weak.

** ******* *** ****** / ******** *** **** ******* ********* that *** **** ** ***** ********. *** *** ** ******* ******* ********* ********* *** ********.

*******, ** *** **** *** ***** **** ** ******** ** change.

** **** ****, ** **** ** ******** ********** *** ****,******** *******, ********** *** *** ***** *** ******, ******** ** weak.

[***************]

Strong: *******

** ***** **** ****** ******** *******, ******* *** **** *** things ** ******* ******** ********:

  • *****, ***** **** ****** * ******** **** *** ****** ** first ****** ** ******** ** ** ******* *********. ***** ** no ******* ********.
  • ******, *** ***** ******** **** ** ** ***** * ********** and ****** *** ******* *****, ** **** ** *** ***** below. ***** ***** ** *** ***** *******'* ******* ******* ******** ("4321") ** ** ****.

********* **** ***** *** **** ***** ***** ******* *** **** the ***** ******** ********* ** ********, *** **** ** *** more ****** **** ****** ********** ** "****."

Moderate: ****

**** ******* *** ***** *** **** ** ****** * ******** upon ***** *****. *******, "****" ** ***** ********, *** ***** functions ** * ******* ********, **** ***** **** ** ******* to *** ****** ****** *** ******** ******** ***** ** ********. This ***** ** **** ****** **** **** ***** ****** ***** "pass" ******* *******, *** ** *** ****** ** *****.

Bosch: ********

******** ** *.** ********, ***** ******* ***** ** *** * password, **** **** ***** ********* **** ********** ** *** ******'* web *********. **** **** ** ******** ** *** ** ******* and **** ** ********, ****** ******* ** *********, ***** ***** users ** *** ***.

******** ** ***** ***** ** *** ******** ***** ****, **** a ***** ******* ******** "********." **** **** *** ******** ** this ******* *** * ********** **** *** ******** ********* *** lowercase *******, *******, *** * ******* *********, *** *** ***** only ******** ** "******." ****** ********* ******* ** ********** *** a *** ** ***** *****.

****:***** (*** *********)

************ ******* ** *****/*****, **** ******** ** ******, *** ************* not ** *** ******** ***** ** *******. ** ******** ********, Dahua ******* (*** ****) ******** *** ******** ***** ***** *** be *******, *****  ****** (**** ***** ******) *** ****** (**** ****). *******, ** newer ******** (**/** ****), ***** ******** ** ****** *****, **** admin *** **** ******* ** *******.

***** **** *** **** ***** ** ****** *** ******** ****** the ***** *****, *** ******** ******** ******** ***************, **** *****. However, ********* *** **** ******* ******* *** ********, ** ******* characters, ******* ***** ** ******** ****** ** ****** * ****** password.

************, ***** ******* **** ** ****** ** ****** ***** ** ******** failed ***** ******** *** ****, **** *****. **** ** ******** in ** *******, **** **** *** ****** ** ******** ********. This ** ***** ******** **** ******** ******* ******** ******, ******** intruders ** *** **** *** ******* *********.


******

*** **** ******** ** ************* ***** *** ******* ********* ******* forcing ***** ** ****** **** ** *****, *** **** **** we **** **** ******* ******* ***** ** ******* ****. *** **** common *********** ******* *****/*****.

***** *** **** * *** ******** ** ************ *** *********** in ******** ******** **'** **** ** *** ****** *****. *******, feel **** ** *** ****** ** *** ******** *****.

****

**** ** ***** ******** ***** ******* ******* ********* *********, ****** **% ** ***** **** **** ** ***** ********* *** default ********* ** * ********** **********:

**** **** ** ****, **** ** *** ***** ************* ****** do (** ********) ** **** ** ****** ********* **** ******?

Comments (19)

**************'* * *** * *********, ***** ******* *** ********** ********** lucky ** *******. **'* * ***** ********....

*'** ** **** ** *** *** ****** *** ***'* **** crowd **** ****.

**** ** ** ******** ****, * ***** *** ***** ** Dahua: **** ** ***** *** ************ ** ******* ******** ** login ** *** ** **** ***** **** *** ***** ********:

****'* ********** ****** *** ***** ********* ********* (******** ***'** ******* the ********* **** *******, *** ********* ** *** **** ****), and *** * ****** ******* ** *******.

* ** *** ***** **** *******'* ******* ***** *** *********. I ********** *** ******* ** ******** * ********* ** **** pass **** *** ****** ** ****** * *******, **** ** remember ********** ******** *** ****** ** ******** ** * *******.

* ***** **** **** *** ***** ***** ** ****, ******* users ** ****** * ******** *** ******* *** *** **** own ******* ***** ** **********. ******* ** *** ***** ****** card ******* ** ***** ********* **** ***** **** ** *********. The ***** ***** **** *** ****** ** **** * ****** would ****** **** ****** ********.

*** ****** *** **** ****** ** ****** **** ************ *****, so *** ***** * ****** **** ** **** *** ** and **** ** *** **** **** ?

*** ***** ** ********** ****** ** ** **** **** *** value ** **** *** *** **********.

* ** ***** ** *** ******** **** **** ************ ******* which **** ******* ********* *** * ***** **** *** ******* should ******* * *** ******** **** ******* ***** ** ******* the ******. *** ******* **** ********* ********* * ***** ** difficulty ***** ** *** ********* ** *** ******** ** ******* hacking **** ********. ** *** ***, *** ** ***** ***** a ****** *** ** *** ****** ** ***** **** * simple ******** ** **** ****** ** * ***** ****** ? If *** **** **** ***** ** ** ******** ** **** high ***** ** ********** **** *** ****** ** **** ** implement ** *** ** ****** *** ** ********.

* **** **** ******* ******* *** ***** *** ******** * real **** ***** *** ** ***** ******* **** ********* *******.

** *** **** ****, ******, **** ** ** **** * manufacturer's ***********: ***** *** ***** *** ***** ********* ** *********** ** ******* ** *** ********, *** ******* ********** **** *** ****** **** ****.

** ***** ** **** * ***** ****** **** ** ********* user **** **** *** ** ***** ** * ******* **** and ***** ** **** ** *** ******** (*** ****'* * realistic ********), *****'* **** * ****** ******* **** **** ** and **** **. *** ******* **** ***** ****** *** ** a ** ********* *** * ***** ** *********. ******* ***** to ****** * ******** *** *** ***** * ******* *** can ****** ***** *** **** ******** ** ***** ******, ** most ***'* ** ******* *** ******* ** ******* **. ****'** just *** ********* *** **** **** ****, **** ** ** the **** ******.

**** ** ******* ********** ******* *********, *** ** ****** * complex ***** ******** *********** * *** *****? *** ***** ** users **** ** ****** *** ****** *** **** ********? ** seems **** ** **** ** **'* **********, ** ****** *** be * *******.

*** **** ******* ******'* ********* *** *** "***********!"

** **** *****'* ********, ****, ******** *** ********** *** ******** one *** ********* *** ** **** ********, ***** ** ***** not *** ****.

******* ****** ** ****** ***** *** ******** ** * ****** is ****. ***** *** *** *** **** '****' ******* ** the ******** ******* ****** ******'* ****** ** ****** *** ********.

* **** ******** * ******* ** ** *** ****** ******* they ******'* ** ******** ** ****** *** ******* ********.

*******, ******* ** **** ** ******** ******** ***'* ** ****************, ** **** *********. * ******* **** ***** **** ******** who **** *** *** **** ******** ****** **** **** **** all ***** ********/******* ***. *** ** ****** ** *** ***** of **********!

****,********** ****

****** *** * **-********* ***** ***** ********* *************************.

* *** **** ************ **** ******** ****** ****** **** **** virtually ****** **** ******** ********* ***** ***** *****.

*'* ***** ** ** *** ** * **** *** ******* that ******** ********* ******** ******* ***** ******** ** * ***** deal **** *** ****** ******** **** ********* ******* *** *********** contortions ****** ************ ********** ******** *******.

* ******* ******** ** ***** *** *********** ***** ** ** standardize ** **** ******* **** ** **** ****** ******** ************.

**** ** ***** ***** ********* **** ******** ****** ***** *** available ** ******* *** ***** ** ******* ******* ********. ****, data ****** ************ *** ******** ************ *************, ******** **** ******** within *** ***** ** ****** ******* **** **** **** ***'* care ** ***** **** **** ******.

*** ****, * **** **** ************ ***** **** ** ****** room ** **** * ********* *** ****** ********. sentence ***** ** * ****** ********)

********* *** **************** ******** **** ****** **** ********* ** * *********** ****** could **** ** * ********** ** *** *******. **** ************ cameras *** *** ******** **** * ********'* **** ********. * agree; *** ***** ** ********** ****** ** ** **** **** the ***** ** **** *** *** **********.

** * ******** *** ******* ****, **** ******* ******** ***** the ****** ** ********** ******* ** * ********. ** ***** in ********* **** **********, ****** ********* *** ** **** ****** ********** ***** ***** being ******. ******* ***** ***** *** ****** **** ******* ** data *** ******* ******* ** ******** ********** **** *********; ***** anyone ******* ******* ******** ********** *** ******** ****** ************?

*'* *** **** ***** ***** *** *********, *** ***** ** known *** ****** * ******** ******** ** *** *** *** a ****** ******** * ******* **** ****** ** *******. * was **** ** ***** ***** ****:***** *** ****** *** ****** as **** *** *** **** ******* * ****.

* ******* **** *** ****** ****** ***** ** ******* ** be ******** ******** *** **** ******* * *** ** ****** through * ****** ******* **** *** ******. **** ****** **** be ** * **** ******** **** *** **** ** *** network. ** ***** ** **** ** *** ******** ******* **** also *******.

** * ******** ****, *** ****** ***** ******* ******** ******* one ** ****** *** ********* *** *****. ** ***** ********/******, this *** *** ******** *** *** ******** ** *** ******* could ****** *** ***** ***** *****.

**

****** **** * ******** ******* ** *** ***** ** ******** Cameras (** ********** ** *** *****/**** ***). **** *** *** dealing **** *** ******* *** ** *** ** ***** *** 200 ********* ******* ********* *** ***** ****? *** *** **** finda *** ** ****** ***** *** *********... *** **** ********.

* ******* **** ******** ***** ****** **** *** ******* ******. That ** *** ** **** ***** ** ********** *** **** seems ** ** *** *** *** ** **** **** *** Device ********** / ****** ******** *********** ************.

*, * ***** * *** ********** ** **** **** -*** ** *** ****** ******** ********** ** *** *******?

******: ***** *** **** ***** (*** *****'* ***** ****) ** change ******** ** ***** *****, *** ***** ******** ******** ***************.

****'** **** ******* *** ****** *** ****** ******** ******** **** cameras.

**'** ********* **** ** ******** *******, *** ***'* **** * new *** ** ***** ****. **'** ****** ** ** **.

****** *** *** ******. * *****'* **** **** ** *** IP ******* *** * **** **** *** ******** ******* ** the *** ****. ** ***** ** ** ****** *** ******** and * ******* * ***** **** * ******** ****** **** 6 **********. *** * *** * ******** **** ***** *****, but * ******* **** ***** * **** *** **** ** not ** **** ** ** *** ** ******* ***** ***** it **** ****** ** *** *********.

**** *** ****** ** *** ***** ******** ***** ** *******? I **** **** * ***** ****** *** ********* ** *** cameras, *** **** ****** *** ***** ******* ** ********** ***** settings ******* * ******** ** ***** ***** *****.

* ****'* ***** *** ***** ********. *'** ***** ** *** tomorrow. * ** ****** ****** * ******** *** ***** ************** I ***'* ****** ***** *****, *** * ****'* *** ** out.

***, * ******* **** *** **** ** ***** *** *****. I *******, *** **** ** *****. **** *** ***** * changed *** ********* ** *** ****** *** ** ****'* ****** the ***** ********. ** *** ***** *****/***** **** ************** ****** on (** ******** ****** ***). * ***** ** ****** *** password **** ***** *******, *** **** ****'* **** ***** ** why *'* ****** ***** ******** ********* **** *****.

**** ** ** ****** ** ***** *** ***** ********. ** the ****** ***** ******** (*** **** *** ***** **** ** other ********) *** *** ******* ** ****** *** ***** ********. However, ***** ************** **** ** ** *** *** ***'* ****** the ******** **** *** *** *******. *** **** ****** *** Onvif ***** ******** ***** ***** ****** *******.

** ******** ** ****, ****** *** ***** ******* **** ***** firmware **** *** ** ********* ** *** ******** *******. *** the **** ** ******* *** **** ****/*****. *** ******* ***** the ****/***** **** ** ******* *** **** **** ** *** of *****. ***** *** ******** ******, ** ***** ****** *** 8's *** *'* ******** *** **** ***** ** ***** ****** Manager *** ****** *** *** *********. ** **** *****/***** ***** backdoor.

** **** *****/***** ***** ********.

**** ****, ****!

*** *. **** *** * ****. ;)

******: ** ***** * ******* ** *****, *** ******** ******** no ******** ** *******. ** *** *********, **** ****** *** user ** ****** * ********, *** ***'* ******* * ****** one.

**** **** ****** ** *** *** ****** ** *******, ***** used ** ** **, *** **** ** ******** ********, ******.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Directory of Alarm Company Brokers on Feb 20, 2017
Selling an RMR based business, such as alarm company, can be highly profitable, with acquisition prices of 36 to 48x RMR (equivalent to 3 to 4x...
Directory of Alarm Panel Manufacturers on Feb 16, 2017
Alarm panels are the central controller of intrusion systems. The following is a list of manufacturers of alarm panels. This directory only covers...
Directory Of Wholesale Central Station Monitoring Providers on Feb 15, 2017
Wholesale central stations help smaller and local dealers providing monitoring to their customers. Dozens of options exist.  Below is the first...
Hikvision Barred From US City Housing Authority Bid on Feb 14, 2017
A US city's housing authority has barred Hikvision products from their bid, due to 'increasing security concerns.' In the past few...
Hikvision Pledges 'Never' 'Backdoors' on Jan 27, 2017
With criticisms rising, Hikvision has gone on the record publicly declaring: Hikvision never has, does or would intentionally contribute to...
Free VMS Software Directory on Jan 13, 2017
Many Video Management Software (VMS) providers offer free versions, either open source, for a limited number of cameras or for a limited amount of...
Suffering Criticism, Hikvision Keeps Insecure Online Service Up [Now Down] on Jan 03, 2017
Hikvision suffered severe criticisms for its abrupt plan to discontinue its Hikvision Online service, with 3 core functions to be removed on Dec...
Hikvision Discontinuing Online Service on Dec 12, 2016
Hikvision has declared it will discontinue its Hikvision online service, just days after IPVM's Hikvision Cloud Security Vulnerability...
Sony IP Camera Backdoor Uncovered on Dec 06, 2016
A backdoor has been uncovered in ~80 Sony IP camera models, attackers can remotely enable telnet on the camera, and then potentially login as root,...
XiongMai Master Password List Emailed By Chinese Spammer on Dec 05, 2016
XiongMai created an international uproar as their devices drove massive botnet attacks of major Internet sites. After pledging to recall cameras...

Most Recent Industry Reports

Honeywell Sues Alarm.com For Violating Anti-Trust Laws on Feb 24, 2017
Is Alarm.com about to dominate the smart home software market? That is what Honeywell alleges in its new lawsuit, first reported by...
Axis: "Everything is IP" - False on Feb 24, 2017
Axis is congratulating itself, with executive Fredrick Nilsson declaring: "Now the conversion is all done and everything is IP and analog is...
Advertising Like Avigilon at the ISC West Airport on Feb 24, 2017
Avigilon has grabbed a lot of attention over the last few years advertising at the Las Vegas airport when attendees fly in. But how does that...
Artificial Intelligence Robot Assistant (ACTi) on Feb 23, 2017
Has artificial intelligence come to the video surveillance industry? ACTi has released 'SARA' which it bills as an 'AI assistant that brings...
Cutting Costs 70% Using Milestone With HD Analog on Feb 23, 2017
HD analog and enterprise VMSes are often thought of as being on opposite sides of the spectrum, with HD analog best for small jobs due to its low...
Dahua 4K HD Analog Cameras Announced on Feb 23, 2017
HD analog has been gaining popularity (even if Axis hopes otherwise). Last year, HD analog's max resolution doubled from 1080p to 4MP (see our 4MP...
Uniview (UNV) IP Cameras Tested on Feb 22, 2017
"We're #3," in China says Uniview (UNV). While the company significantly trails Hikvision and Dahua in total sales, one notable difference is that...
Glass Doors and Access Control Tutorial on Feb 22, 2017
The biggest challenge for many access control systems are glass doors. Here's what happens when a maglock is improperly installed to an existing...
Exacq Favorability Results on Feb 22, 2017
For years, Exacq has been one of the most frequently favored VMSes in IPVM integrator statistics (e.g., see Favorite VMS Manufacturers...
The Hot RMR Company - Electric Guard Dog on Feb 22, 2017
The financiers at the Barnes Buchanan conference praised a company named 'Electric Guard Dog'. While the name sounds fairly low tech, the money and...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact