ChicagoVPS review of customer passwords from database dumps

Discussion in 'The Pub (Off topic discussion)' started by drmike, Apr 12, 2014.

  1. drmike

    drmike 100% Tier-1 Gogent

    ChicagoVPS' highly publicized hacks and subsequent database dumps continue to horrify customers and yield more insight into ChicagoVPS.

    "CVPS Machine Passwords CVPS Email Passwords - A good friend got me a partially cracked dump of Chicago VPS data. This has been run through the new, modular, Pipal so check out the username and email address Levenshtein comparisons at the end of the report, really interesting stuff. Info on the breach from the Chicago VPS site."

    This is the analysis from "CVPS Machine Passwords". These are assumed to be credentials to individual VPS containers:

    Basic Results

    Total entries = 8085
    Total unique entries = 6939

    Top 20 passwords
    qazwsxedc1 = 73 (0.9%)
    shadowman10 = 33 (0.41%)
    password = 23 (0.28%)
    changeme = 19 (0.24%)
    CVPSg36-c = 18 (0.22%)
    abc123 = 15 (0.19%)
    aloha123 = 13 (0.16%)
    mrjain9278303545 = 13 (0.16%)
    husseinn123 = 12 (0.15%)
    123456 = 11 (0.14%)
    Fa000019 = 10 (0.12%)
    xTeg712 = 9 (0.11%)
    XSeries345 = 9 (0.11%)
    tree761349 = 9 (0.11%)
    ViadUnRek0 = 9 (0.11%)
    chicagovps = 9 (0.11%)
    test123 = 9 (0.11%)
    SUyan866 = 8 (0.1%)
    12uzaed24 = 8 (0.1%)
    ssh27net = 8 (0.1%)

    Top 20 base words
    qazwsxedc = 74 (0.92%)
    password = 45 (0.56%)
    changeme = 40 (0.49%)
    shadowman = 33 (0.41%)
    wsxsd = 27 (0.33%)
    test = 22 (0.27%)
    cvpsg36-c = 18 (0.22%)
    root = 16 (0.2%)
    chicagovps = 14 (0.17%)
    mrjain = 13 (0.16%)
    aloha = 13 (0.16%)
    husseinn = 12 (0.15%)
    admin = 12 (0.15%)
    tree = 11 (0.14%)
    abcd = 11 (0.14%)
    xteg = 9 (0.11%)
    hello = 9 (0.11%)
    viadunrek = 9 (0.11%)
    xseries = 9 (0.11%)
    pass = 8 (0.1%)

    Password length (length ordered)
    1 = 11 (0.14%)
    2 = 2 (0.02%)
    3 = 2 (0.02%)
    4 = 13 (0.16%)
    5 = 14 (0.17%)
    6 = 402 (4.97%)
    7 = 493 (6.1%)
    8 = 1700 (21.03%)
    9 = 923 (11.42%)
    10 = 1020 (12.62%)
    11 = 566 (7.0%)
    12 = 1648 (20.38%)
    13 = 250 (3.09%)
    14 = 191 (2.36%)
    15 = 186 (2.3%)
    16 = 150 (1.86%)
    17 = 51 (0.63%)
    18 = 59 (0.73%)
    19 = 52 (0.64%)
    20 = 143 (1.77%)
    21 = 29 (0.36%)
    22 = 26 (0.32%)
    23 = 12 (0.15%)
    24 = 26 (0.32%)
    25 = 14 (0.17%)
    26 = 8 (0.1%)
    27 = 5 (0.06%)
    28 = 5 (0.06%)
    29 = 1 (0.01%)
    30 = 9 (0.11%)
    31 = 3 (0.04%)
    32 = 30 (0.37%)
    33 = 3 (0.04%)
    35 = 1 (0.01%)
    36 = 4 (0.05%)
    37 = 1 (0.01%)
    40 = 13 (0.16%)
    41 = 2 (0.02%)
    42 = 1 (0.01%)
    43 = 1 (0.01%)
    44 = 2 (0.02%)
    48 = 3 (0.04%)
    49 = 1 (0.01%)
    50 = 4 (0.05%)
    63 = 1 (0.01%)
    64 = 2 (0.02%)
    68 = 1 (0.01%)
    69 = 1 (0.01%)

    Password length (count ordered)
    8 = 1700 (21.03%)
    12 = 1648 (20.38%)
    10 = 1020 (12.62%)
    9 = 923 (11.42%)
    11 = 566 (7.0%)
    7 = 493 (6.1%)
    6 = 402 (4.97%)
    13 = 250 (3.09%)
    14 = 191 (2.36%)
    15 = 186 (2.3%)
    16 = 150 (1.86%)
    20 = 143 (1.77%)
    18 = 59 (0.73%)
    19 = 52 (0.64%)
    17 = 51 (0.63%)
    32 = 30 (0.37%)
    21 = 29 (0.36%)
    24 = 26 (0.32%)
    22 = 26 (0.32%)
    25 = 14 (0.17%)
    5 = 14 (0.17%)
    40 = 13 (0.16%)
    4 = 13 (0.16%)
    23 = 12 (0.15%)
    1 = 11 (0.14%)
    30 = 9 (0.11%)
    26 = 8 (0.1%)
    28 = 5 (0.06%)
    27 = 5 (0.06%)
    36 = 4 (0.05%)
    50 = 4 (0.05%)
    31 = 3 (0.04%)
    33 = 3 (0.04%)
    48 = 3 (0.04%)
    41 = 2 (0.02%)
    2 = 2 (0.02%)
    44 = 2 (0.02%)
    3 = 2 (0.02%)
    64 = 2 (0.02%)
    69 = 1 (0.01%)
    37 = 1 (0.01%)
    63 = 1 (0.01%)
    42 = 1 (0.01%)
    43 = 1 (0.01%)
    29 = 1 (0.01%)
    68 = 1 (0.01%)
    49 = 1 (0.01%)
    35 = 1 (0.01%)

    [Pipal's ASCII histogram of the password-length distribution (x-axis 0 to 70 characters) is omitted here; the counts are in the two length tables above.]

    One to six characters = 444 (0.0%)
    One to eight characters = 2637 (32.62%)
    More than eight characters = 5448 (67.38%)

    Only lowercase alpha = 808 (9.99%)
    Only uppercase alpha = 6 (0.07%)
    Only alpha = 814 (10.07%)
    Only numeric = 229 (2.83%)

    First capital last symbol = 113 (1.4%)
    First capital last number = 1011 (12.5%)

    Single digit on the end = 1118 (13.83%)
    Two digits on the end = 929 (11.49%)
    Three digits on the end = 786 (9.72%)

    Last number
    0 = 424 (5.24%)
    1 = 746 (9.23%)
    2 = 509 (6.3%)
    3 = 691 (8.55%)
    4 = 370 (4.58%)
    5 = 319 (3.95%)
    6 = 308 (3.81%)
    7 = 299 (3.7%)
    8 = 292 (3.61%)
    9 = 310 (3.83%)

    [Pipal's ASCII histogram of the last digit (0 to 9) is omitted here; the counts are in the "Last number" table above.]

    Last digit
    1 = 746 (9.23%)
    3 = 691 (8.55%)
    2 = 509 (6.3%)
    0 = 424 (5.24%)
    4 = 370 (4.58%)
    5 = 319 (3.95%)
    9 = 310 (3.83%)
    6 = 308 (3.81%)
    7 = 299 (3.7%)
    8 = 292 (3.61%)

    Last 2 digits (Top 20)
    23 = 321 (3.97%)
    12 = 140 (1.73%)
    10 = 90 (1.11%)
    34 = 88 (1.09%)
    13 = 87 (1.08%)
    11 = 84 (1.04%)
    00 = 80 (0.99%)
    45 = 72 (0.89%)
    21 = 67 (0.83%)
    01 = 66 (0.82%)
    88 = 59 (0.73%)
    22 = 45 (0.56%)
    56 = 42 (0.52%)
    66 = 40 (0.49%)
    99 = 39 (0.48%)
    02 = 37 (0.46%)
    42 = 36 (0.45%)
    06 = 36 (0.45%)
    09 = 35 (0.43%)
    77 = 34 (0.42%)

    Last 3 digits (Top 20)
    123 = 278 (3.44%)
    234 = 66 (0.82%)
    013 = 42 (0.52%)
    345 = 36 (0.45%)
    000 = 33 (0.41%)
    456 = 28 (0.35%)
    012 = 28 (0.35%)
    321 = 21 (0.26%)
    337 = 16 (0.2%)
    545 = 15 (0.19%)
    111 = 14 (0.17%)
    010 = 13 (0.16%)
    999 = 13 (0.16%)
    987 = 13 (0.16%)
    666 = 13 (0.16%)
    349 = 13 (0.16%)
    101 = 12 (0.15%)
    007 = 12 (0.15%)
    712 = 11 (0.14%)
    019 = 11 (0.14%)

    Last 4 digits (Top 20)
    1234 = 63 (0.78%)
    2013 = 39 (0.48%)
    2345 = 26 (0.32%)
    2012 = 26 (0.32%)
    3456 = 23 (0.28%)
    1337 = 15 (0.19%)
    3545 = 13 (0.16%)
    3123 = 12 (0.15%)
    1349 = 11 (0.14%)
    0019 = 10 (0.12%)
    1981 = 10 (0.12%)
    2000 = 10 (0.12%)
    7890 = 10 (0.12%)
    2010 = 9 (0.11%)
    1982 = 8 (0.1%)
    0000 = 8 (0.1%)
    1425 = 7 (0.09%)
    5678 = 7 (0.09%)
    2682 = 7 (0.09%)
    1111 = 7 (0.09%)

    Last 5 digits (Top 20)
    12345 = 25 (0.31%)
    23456 = 23 (0.28%)
    03545 = 13 (0.16%)
    23123 = 12 (0.15%)
    61349 = 11 (0.14%)
    00019 = 10 (0.12%)
    52682 = 7 (0.09%)
    45678 = 7 (0.09%)
    71425 = 7 (0.09%)
    67890 = 6 (0.07%)
    54321 = 6 (0.07%)
    51031 = 5 (0.06%)
    21213 = 5 (0.06%)
    42031 = 5 (0.06%)
    37465 = 5 (0.06%)
    11111 = 4 (0.05%)
    35297 = 4 (0.05%)
    92115 = 4 (0.05%)
    61266 = 4 (0.05%)
    00000 = 4 (0.05%)

    Character sets
    loweralphanum: 3825 (47.31%)
    mixedalphanum: 2341 (28.95%)
    loweralpha: 808 (9.99%)
    mixedalphaspecialnum: 351 (4.34%)
    numeric: 229 (2.83%)
    loweralphaspecialnum: 164 (2.03%)
    mixedalpha: 153 (1.89%)
    loweralphaspecial: 42 (0.52%)
    upperalphanum: 31 (0.38%)
    mixedalphaspecial: 22 (0.27%)
    upperalphaspecialnum: 12 (0.15%)
    upperalpha: 6 (0.07%)
    specialnum: 2 (0.02%)

    Character set ordering
    othermask: 3186 (39.41%)
    stringdigit: 2440 (30.18%)
    allstring: 967 (11.96%)
    stringdigitstring: 780 (9.65%)
    alldigit: 229 (2.83%)
    digitstring: 217 (2.68%)
    digitstringdigit: 155 (1.92%)
    stringspecialdigit: 66 (0.82%)
    stringspecialstring: 23 (0.28%)
    stringspecial: 17 (0.21%)
    specialstringspecial: 4 (0.05%)
    specialstring: 1 (0.01%)

    Colours
    red = 34 (0.42%)
    blue = 10 (0.12%)
    green = 7 (0.09%)
    black = 6 (0.07%)
    white = 1 (0.01%)
    orange = 1 (0.01%)
    brown = 1 (0.01%)
    purple = 1 (0.01%)
    indigo = 1 (0.01%)

    Dates

    Months
    march = 1 (0.01%)
    may = 11 (0.14%)
    june = 2 (0.02%)
    july = 1 (0.01%)
    august = 1 (0.01%)
    december = 2 (0.02%)

    Days
    wednesday = 1 (0.01%)
    friday = 2 (0.02%)

    Months (Abreviated)
    jan = 6 (0.07%)
    feb = 5 (0.06%)
    mar = 31 (0.38%)
    apr = 7 (0.09%)
    may = 11 (0.14%)
    jun = 5 (0.06%)
    jul = 5 (0.06%)
    aug = 3 (0.04%)
    oct = 3 (0.04%)
    nov = 2 (0.02%)
    dec = 7 (0.09%)

    Days (Abreviated)
    mon = 29 (0.36 %)
    wed = 2 (0.02 %)
    thurs = 1 (0.01 %)
    fri = 8 (0.1 %)
    sat = 3 (0.04 %)
    sun = 11 (0.14 %)

    Includes years
    1975 = 1 (0.01%)
    1976 = 4 (0.05%)
    1977 = 3 (0.04%)
    1978 = 5 (0.06%)
    1979 = 5 (0.06%)
    1980 = 3 (0.04%)
    1981 = 10 (0.12%)
    1982 = 11 (0.14%)
    1983 = 6 (0.07%)
    1984 = 4 (0.05%)
    1985 = 7 (0.09%)
    1986 = 10 (0.12%)
    1987 = 9 (0.11%)
    1988 = 8 (0.1%)
    1989 = 4 (0.05%)
    1990 = 5 (0.06%)
    1991 = 3 (0.04%)
    1992 = 4 (0.05%)
    1993 = 4 (0.05%)
    1994 = 12 (0.15%)
    1995 = 3 (0.04%)
    1998 = 1 (0.01%)
    1999 = 2 (0.02%)
    2000 = 13 (0.16%)
    2001 = 2 (0.02%)
    2002 = 4 (0.05%)
    2003 = 7 (0.09%)
    2004 = 6 (0.07%)
    2005 = 5 (0.06%)
    2006 = 7 (0.09%)
    2007 = 14 (0.17%)
    2008 = 8 (0.1%)
    2009 = 5 (0.06%)
    2010 = 10 (0.12%)
    2011 = 8 (0.1%)
    2012 = 32 (0.4%)
    2013 = 48 (0.59%)
    2014 = 4 (0.05%)
    2016 = 1 (0.01%)
    2018 = 5 (0.06%)
    2020 = 2 (0.02%)

    Years (Top 20)
    2013 = 48 (0.59%)
    2012 = 32 (0.4%)
    2007 = 14 (0.17%)
    2000 = 13 (0.16%)
    1994 = 12 (0.15%)
    1982 = 11 (0.14%)
    1981 = 10 (0.12%)
    1986 = 10 (0.12%)
    2010 = 10 (0.12%)
    1987 = 9 (0.11%)
    2011 = 8 (0.1%)
    2008 = 8 (0.1%)
    1988 = 8 (0.1%)
    2003 = 7 (0.09%)
    1985 = 7 (0.09%)
    2006 = 7 (0.09%)
    1983 = 6 (0.07%)
    2004 = 6 (0.07%)
    1990 = 5 (0.06%)
    2005 = 5 (0.06%)

    Hashcat masks (Top 20)

    ?l?l?l?l?l?l?l?l: 221 (2.73%)
    ?l?l?l?l?l?l: 117 (1.45%)
    ?l?l?l?l?l?d?d?d: 113 (1.4%)
    ?l?l?l?l?l?l?d?d: 113 (1.4%)
    ?l?l?l?l?l?l?l: 100 (1.24%)
    ?l?l?l?l?d?d?d?d: 98 (1.21%)
    ?l?l?l?l?l?l?l?l?l: 93 (1.15%)
    ?l?l?l?l?l?l?l?l?l?d: 85 (1.05%)
    ?d?d?d?d?d?d: 84 (1.04%)
    ?l?l?l?l?l?l?l?l?l?l: 79 (0.98%)
    ?l?l?l?l?l?l?l?d: 66 (0.82%)
    ?l?l?l?l?l?l?d?d?d: 60 (0.74%)
    ?u?l?l?l?l?l?d?d: 57 (0.71%)
    ?l?l?l?l?l?l?l?l?d?d?d: 57 (0.71%)
    ?d?d?d?d?d?d?d?d: 55 (0.68%)
    ?l?l?l?l?l?l?l?l?l?d?d: 54 (0.67%)
    ?l?l?l?l?l?l?l?l?d: 50 (0.62%)
    ?l?l?l?l?d?d?d: 49 (0.61%)
    ?l?l?l?l?l?l?l?l?l?l?l: 48 (0.59%)
    ?l?l?l?l?l?d?d?d?d: 48 (0.59%)

    Windows AD Default Complexity
    Number of matches = 2836 (35.08%)

    Machine Name Test
    Exact Matches
    wsxsd029
    wsxsd038
    asdf
    yelloh
    wsxsd032
    wsxsd021
    wsxsd039
    wsxsd027
    wsxsd015
    wsxsd022
    wsxsd004
    wsxsd002
    wsxsd028
    wsxsd024
    wsxsd025
    dylanteoh
    wsxsd040
    wsxsd035
    wsxsd041
    wsxsd042
    wsxsd043

    Levenshtein Results
    Average distance 14.96

    Close Matches
    D: 1 U: minecraft P: minecraft!
    D: 1 U: wsxsd014 P: wsxsd013
    D: 2 U: server1 P: dwserver1
    D: 2 U: vp14.ezyhostr.com P: vp14ezyhostrcom
    D: 2 U: perak2 P: perak123
    D: 3 U: lichc P: lichipx
    D: 3 U: john P: wzxjohn
    D: 3 U: john P: wzxjohn
    D: 3 U: puntun2 P: PuntuN
    D: 3 U: alpha1 P: alpha224
    D: 3 U: chicago P: chicagovps
    D: 3 U: driftchicken P: [email protected]
    D: 3 U: clanexo P: 6clan6exo6
    D: 3 U: jendoel P: jendoel212
    D: 3 U: jakkk123 P: jakkk123123
    D: 3 U: shadowfarm10 P: shadowman10
    D: 3 U: poppy P: poppy1C!
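A defender-side use of the same metrics the Pipal report above computes (the hashcat mask, the Pipal character-set label, the Windows AD default-complexity test and the username-to-password Levenshtein distance), written as the kind of provisioning-time check that later posts in this thread say SolusVM does not offer. This is an added example, not Pipal's code or anything from the thread; the 8-character minimum, the distance-3 cutoff and the tiny denylist are assumptions.

```python
import string

# Constructed denylist seeded from the report's top-20 list; a real hook would load a full wordlist.
DENYLIST = {"password", "changeme", "123456", "abc123", "test123", "qazwsxedc1", "chicagovps"}
MIN_LEN = 8         # assumed minimum length; AD sets its minimum by a separate policy
CLOSE_DISTANCE = 3  # the report's "Close Matches" are all at distance 3 or less

def hashcat_mask(pw):
    """hashcat/Pipal mask of pw: ?l lower, ?u upper, ?d digit, ?s anything else."""
    classes = {c: "?l" for c in string.ascii_lowercase}
    classes.update({c: "?u" for c in string.ascii_uppercase})
    classes.update({c: "?d" for c in string.digits})
    return "".join(classes.get(c, "?s") for c in pw)

def charset_class(pw):
    """Pipal-style character-set label, e.g. 'loweralphanum' or 'mixedalphaspecialnum'."""
    lower = any(c.islower() for c in pw)
    upper = any(c.isupper() for c in pw)
    digit = any(c.isdigit() for c in pw)
    special = any(not c.isalnum() for c in pw)
    alpha = "mixedalpha" if lower and upper else "loweralpha" if lower else "upperalpha" if upper else ""
    label = alpha + ("special" if special else "") + ("num" if digit else "")
    return "numeric" if label == "num" else label

def ad_default_complexity(username, pw):
    """Approximation of the Windows AD default rule: 3 of 4 classes and the account name absent."""
    kinds = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
             any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    return sum(kinds) >= 3 and username.lower() not in pw.lower()

def levenshtein(a, b):
    """Edit distance, the metric behind the report's username-versus-password comparison."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_password(username, pw):
    """Pipal-style metrics for pw plus the reasons a provisioning hook would reject it."""
    dist = levenshtein(username.lower(), pw.lower())
    reasons = []
    if len(pw) < MIN_LEN: reasons.append("too short")
    if pw.lower() in DENYLIST: reasons.append("on denylist")
    if not ad_default_complexity(username, pw): reasons.append("fails complexity")
    if dist <= CLOSE_DISTANCE: reasons.append("too close to username")
    return {"mask": hashcat_mask(pw), "charset": charset_class(pw), "distance": dist, "reasons": reasons}
```

Run over the report's own examples, "shadowfarm10"/"shadowman10" comes back at distance 3 and fails complexity, while the masks and labels match the categories Pipal printed.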
     
  2. lbft

    lbft New Member

    Mind if I ask why you're dragging this up again?
     
  3. blergh

    blergh New Member Verified Provider

    But.. why?
     
  4. Wintereise

    Wintereise New Member

    Dude, stop.
     
  5. mikho

    mikho Not to be taken seriously, ever!

    How is this relevant to my interests?
     
  6. DomainBop

    DomainBop Dormant VPSB Pathogen

    I take it SolusVM doesn't have a password strength or password length setting?
     
  7. blergh

    blergh New Member Verified Provider

    Both yes and no. I don't think solus has it, but whmcs can force you to a certain password length upon sign-up.
     
    Last edited by a moderator: Apr 12, 2014
  8. texteditor

    texteditor Premium Buffalo-based Hosting

    If anything this should drive everyone to review and rethink their password policies, given the stunning amount of overlap from a small customer base
     
  9. nunim

    nunim VPS Junkie

    It's very likely that people had multiple VMs and set the same root password on signup. It's also important to remember this is only what Solus THINKS that the password is, not the actual passwords. I frequently use a weak password on signup/reset only to change it via SSH as I do not want my host to have my password.

    I believe that randomly generating the password on creation of the VPS is the best idea from the provider's point of view.
     
    Last edited by a moderator: Apr 12, 2014
  10. iWF-Jacob

    iWF-Jacob New Member Verified Provider

    100% agreed. Though I don't believe I've found a way to force a password change on initial login for SolusVM/VPS accounts, I highly recommend implementing such a policy with shared/reseller.
     
    Last edited by a moderator: Apr 12, 2014
  11. MartinD

    MartinD Retired Staff Retired Staff Verified Provider

    Don't provision VMs with a password, use a random string and have customers reinstall with a new password at first login. Or, have the default install image block logins with a message telling customers to reinstall with a new password. It's what we do with another brand and works well.
     
  12. Lanarchy

    Lanarchy New Member

    Can confirm, my password was set to

    CVPSsecuritysuckslol1!
     
  13. Magiobiwan

    Magiobiwan Insert Witty Statement Here Verified Provider

    Precisely how Feathur does it. The root password box in WHMCS does nothing. You have to use the activation link to set your Feathur account password, then you have to set your VPS root password in Feathur (for OpenVZ). This confuses some new users despite being stated in the welcome email...
     
  14. MannDude

    MannDude Just a dude vpsBoard Founder Moderator

    To be fair, the whole CVPS debacle taught a lot of people a couple of things:

    • How passwords are stored in Solus, and why it's a good idea to change your password via SSH on first login to your VPS.
    • If you run a company, you learned how not to respond to such an unfortunate event. So, there's that.

    Weak passwords are everywhere, it's unfortunate. The thing is, most people who operate a VPS would ideally have... y'know, more secure passwords. I wonder how that list would compare to say a list from less tech-savvy people.

    Also, the top 20 password list has to be impacted by customers with multiple VPSes... like, there must have been one person with "shadowman10" as all of his root passwords for a handful of machines or something. The 'qazwsxedc' password seemed odd until I looked at my keyboard... just a slightly more secure 'qwerty'.
     
  15. drmike

    drmike 100% Tier-1 Gogent

    Lots wrong with the passwords. Short ones, idiotic ones... You see all sorts of funnies...

    There is a whole other file analyzed of other CVPS data... Ho hum... But I'll resist.
     
  16. iWF-Jacob

    iWF-Jacob New Member Verified Provider

    Aww, come now. You know you can't resist the temptation...