Why does the Range use insecure passwords for virtual machines?¶
This is a great question, without an easy answer. The short answer is that you've already been authenticated to the Cyber Range by the time you've been presented with a login prompt or are asked for the root/administrator password. The longer answer is that this was a decision we made influenced by several factors:
-
Since the connection to your virtual machine has already gone through authentication, authorization, and an acceptable level of non-repudiation, having you further provide a complex username or password generally hampers the learning process.
-
If we used unique passwords for each VM, you would need to remember (or lookup) the password for each environment
-
An instructor or TA that needs to check work might need to look up the password for each student -- again a hindrance to the learning process.
-
In some operating systems or login processes copy-paste is not supported
-
In some operating systems there is poor accessibility support during the login process, or until the user logs in for the first time
-
If a user needs support, the user would be required to transmit their password over an insecure protocol, which reinforces a bad behavior
-
In most cases, auto-login to the desktop (which is assisted by having a defined password) allows us to enable some accessibility features on behalf of a student automatically.
Have a Question? Contact Support¶
Note
Students: Please reach out to your Instructor who can submit a ticket to our Support Team on your behalf.
We're here to help you. If you still have questions after reviewing the information above, please feel free to submit a ticket with our Support Team and we'll get back to you as soon as possible.
Thank You for Your Feedback!