Why does the Range use insecure passwords for virtual machines?¶
This is a great question, without an easy answer. The short answer is that you've already been authenticated to the Cyber Range by the time you've been presented with a login prompt or are asked for the root/administrator password. The longer answer is that this was a decision we made influenced by several factors:
Since the connection to your virtual machine has already gone through authentication, authorization, and an acceptable level of non-repudiation, having you further provide a complex username or password generally hampers the learning process.
If we used unique passwords for each VM, you would need to remember (or lookup) the password for each environment
An instructor or TA that needs to check work might need to look up the password for each student -- again a hindrence to the learning process.
In some operating systems or login processes copy-paste is not supported
In some operating systems there is poor accessibility support during the login process, or until the user logs in for the first time
If a user needs support, the user would be required to transmit their password over an insecure protocol, which reinforces a bad behavior
In most cases, auto-login to the desktop (which is assisted by having a defined password) allows us to enable some accessibility features on behalf of a student automatically.
Have a Question? Contact Support¶
Students: Please reach out to your Instructor or Admin who can submit a ticket to our Support team on your behalf.
If you are an Instructor or Admin and still have questions after reviewing the information above, please feel free to submit a ticket with our support team and we'll get back to you as soon as possible.
Thank You for Your Feedback!