Skip to content

Why does the Range use insecure passwords for virtual machines?

This is a great question, without an easy answer. The short answer is that you've already been authenticated to the Cyber Range by the time you've been presented with a login prompt or are asked for the root/administrator password. The longer answer is that this was a decision we made influenced by several factors:

  • Since the connection to your virtual machine has already gone through authentication, authorization, and an acceptable level of non-repudiation, having you further provide a complex username or password generally hampers the learning process.

  • If we used unique passwords for each VM, you would need to remember (or lookup) the password for each environment

  • An instructor or TA that needs to check work might need to look up the password for each student -- again a hindrence to the learning process.

  • In some operating systems or login processes copy-paste is not supported

  • In some operating systems there is poor accessibility support during the login process, or until the user logs in for the first time

  • If a user needs support, the user would be required to transmit their password over an insecure protocol, which reinforces a bad behavior

  • In most cases, auto-login to the desktop (which is assisted by having a defined password) allows us to enable some accessibility features on behalf of a student automatically.