1. Introduction
The F-Secure Internet Gatekeeper Default Administrator Credentials vulnerability allows attackers to gain administrative access to a web application due to the use of default login details. This impacts businesses by allowing unauthorised control of their network security devices, potentially leading to data breaches and system compromise. Systems affected are those running the F-Secure Internet Gatekeeper with its default configuration. A successful exploit could lead to complete confidentiality, integrity, and availability loss.
2. Technical Explanation
The remote F-Secure Internet Gatekeeper install uses a default set of credentials (‘admin’ / ‘admin’) for access to its Web Console. An attacker can use these known credentials to log in and gain full administrative control over the device. There is no CVE associated with this specific issue, but it falls under CWE-798: Use of Hardcoded Credentials. For example, an attacker could simply enter ‘admin’ as both username and password on the login page to access the console. This vulnerability affects F-Secure Internet Gatekeeper installations using default settings.
- Root cause: The use of hardcoded, well-known default credentials for administrative access.
- Exploit mechanism: An attacker attempts to log in to the Web Console using the default ‘admin’ / ‘admin’ credentials. If successful, they gain full control of the device.
- Scope: F-Secure Internet Gatekeeper installations with default credentials.
3. Detection and Assessment
You can confirm whether a system is vulnerable by attempting to log in using the default credentials. A quick check involves accessing the Web Console login page, while a thorough method includes reviewing configuration files for hardcoded passwords (if accessible).
- Quick checks: Access the F-Secure Internet Gatekeeper web console login page and attempt to log in with username ‘admin’ and password ‘admin’.
- Scanning: Nessus plugin ID 16394 can identify this vulnerability. This is an example only; other scanners may also detect it.
- Logs and evidence: Check application logs for successful logins using the default ‘admin’ account. Log file locations vary depending on installation settings.
4. Solution / Remediation Steps
The following steps provide a precise method to fix the issue by changing the default administrator password. These steps are small, testable, and safe to roll back.
4.1 Preparation
- Dependencies: No dependencies or prerequisites are required. Rollback involves restoring the previous configuration if needed.
- Change window: A short maintenance window may be required to avoid service disruption, depending on network traffic. Approval from a system administrator is recommended.
4.2 Implementation
- Step 1: Log into the F-Secure Internet Gatekeeper Web Console using existing credentials (if available). If not, use ‘admin’ / ‘admin’.
- Step 2: Click on ‘Admin password’ in the menu.
- Step 3: Enter a strong, unique new password and confirm it.
- Step 4: Save the changes.
4.3 Config or Code Example
Before
After
4.4 Security Practices Relevant to This Vulnerability
Several security practices can help prevent this type of vulnerability. Least privilege reduces the impact if an account is compromised, while safe defaults minimise initial exposure. A strong password policy enforces complex and unique credentials.
- Practice 1: Implement least privilege principles to limit access rights for all accounts.
- Practice 2: Enforce a strong password policy requiring complex passwords and regular changes.
4.5 Automation (Optional)
No suitable automation script is available due to the UI-based nature of this change.
5. Verification / Validation
- Post-fix check: Attempt to log into the F-Secure Internet Gatekeeper Web Console using username ‘admin’ and password ‘admin’. The login should fail.
- Re-test: Repeat the initial detection method (attempting to log in with default credentials) to confirm it no longer works.
- Smoke test: Verify that you can still access the web console with the new, changed password and view basic system information.
- Monitoring: Monitor application logs for failed login attempts using the ‘admin’ account. This is an example only.
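The log checks in sections 3 and 5 (evidence of logins on the default ‘admin’ account, and monitoring for failed ‘admin’ attempts after the fix) can be scripted against exported Web Console logs. The following Python script is an added example and is not part of this advisory or of F-Secure's product; the line layout of the sample log and the `webconsole LOGIN ...` record format are constructed assumptions, since the real log format and file location depend on the installation.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed sample log lines (assumed format, not the product's real one).
# Scenario: one source guesses twice and then succeeds on 'admin' before the
# fix; a second source keeps failing against 'admin' after the fix.
SAMPLE_LOG = """\
2024-03-01T09:58:02Z webconsole LOGIN user=admin src=10.0.0.5 result=FAILURE
2024-03-01T09:58:04Z webconsole LOGIN user=admin src=10.0.0.5 result=FAILURE
2024-03-01T09:58:07Z webconsole LOGIN user=admin src=10.0.0.5 result=SUCCESS
2024-03-01T10:12:40Z webconsole LOGIN user=opsuser src=10.0.0.9 result=SUCCESS
2024-03-01T11:03:15Z webconsole LOGIN user=admin src=198.51.100.7 result=FAILURE
2024-03-01T11:03:16Z webconsole LOGIN user=admin src=198.51.100.7 result=FAILURE
2024-03-01T11:03:18Z webconsole LOGIN user=admin src=198.51.100.7 result=FAILURE
2024-03-01T11:03:20Z webconsole LOGIN user=admin src=198.51.100.7 result=FAILURE
"""

# Matches the assumed record layout; anything else is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) webconsole LOGIN user=(?P<user>\S+) src=(?P<src>\S+) "
    r"result=(?P<result>SUCCESS|FAILURE)$"
)


@dataclass(frozen=True)
class LoginEvent:
    ts: datetime
    user: str
    src: str
    success: bool


def parse_events(text):
    """Turn raw log text into LoginEvent records, skipping non-login lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append(LoginEvent(
            ts=datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            user=m["user"],
            src=m["src"],
            success=m["result"] == "SUCCESS",
        ))
    return events


def admin_successes(events, account="admin"):
    """Section 3 evidence: successful logins on the default account."""
    return [e for e in events if e.user == account and e.success]


def failed_admin_bursts(events, account="admin", threshold=3):
    """Section 5 monitoring: sources with >= threshold failures on 'admin'."""
    counts = Counter(e.src for e in events if e.user == account and not e.success)
    return {src: n for src, n in counts.items() if n >= threshold}


def triage(text):
    """Summarise both checks for a log export."""
    events = parse_events(text)
    return {
        "admin_success_sources": sorted({e.src for e in admin_successes(events)}),
        "failed_admin_bursts": failed_admin_bursts(events),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a real export by replacing `SAMPLE_LOG` with the file contents after adapting `LINE_RE` to the actual record format. Any entry in `admin_success_sources` from before the password change is evidence the default account was being used; entries in `failed_admin_bursts` after the change are the failed-login pattern section 5 asks you to watch for.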
6. Preventive Measures and Monitoring
Update security baselines to include a check for default credentials on network devices. Implement CI/CD pipeline checks to prevent deployments with known default settings. Establish a regular patch or configuration review cycle to identify and address vulnerabilities promptly.
- Pipelines: Add automated checks in your CI/CD pipeline to scan for hardcoded credentials in configuration files.
- Asset and patch process: Implement a regular review cycle (e.g., monthly) to verify configurations against security baselines.
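The pipeline check described above (scanning configuration files for hardcoded default credentials before a deployment is allowed) can be implemented as a small script that fails the build when it finds a known default pair. The following Python script is an added example, not code from this advisory or from F-Secure; the configuration file names, key names (`admin_user`, `admin_password`, and so on) and the list of default pairs are assumptions, and the only pair taken from this page is ‘admin’ / ‘admin’.

```python
import os
import re
import sys
import tempfile

# Known default (username, password) pairs to reject. Only admin/admin is
# documented on this page; teams would extend this set for their own estate.
DEFAULT_CREDENTIALS = {("admin", "admin")}

# Assumed file suffixes and key names for a generic key=value / key: value scan.
CONFIG_SUFFIXES = (".conf", ".cfg", ".ini", ".properties", ".env", ".yaml", ".yml")
USER_KEYS = {"user", "username", "admin_user", "login"}
PASS_KEYS = {"pass", "password", "admin_password", "passwd", "secret"}

# key = value, key: value, optional quotes, optional trailing comment.
KV_RE = re.compile(
    r"""^\s*(?P<key>[A-Za-z0-9_.-]+)\s*[=:]\s*['"]?(?P<value>[^'"#\s]*)['"]?\s*(#.*)?$"""
)


def scan_text(text, path="<memory>"):
    """Return one finding per (username, password) pair that is a known default."""
    users, passwords = [], []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = KV_RE.match(line)
        if not m:
            continue
        # Use the last dotted component so 'gatekeeper.admin.username' still matches.
        key = m["key"].lower().split(".")[-1]
        if key in USER_KEYS:
            users.append((m["value"], line_no))
        elif key in PASS_KEYS:
            passwords.append((m["value"], line_no))
    return [
        {"path": path, "line": pass_line, "user": user, "password": password}
        for user, _ in users
        for password, pass_line in passwords
        if (user.lower(), password) in DEFAULT_CREDENTIALS
    ]


def scan_tree(root):
    """Scan every configuration file under root and collect findings."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            if name.endswith(CONFIG_SUFFIXES):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings.extend(scan_text(fh.read(), path))
    return findings


def demo():
    """Constructed config files in a temporary directory; returns (findings, exit code)."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "gatekeeper.conf"), "w") as fh:
            fh.write("[webconsole]\nadmin_user = admin\nadmin_password = admin\n")
        with open(os.path.join(root, "app.yml"), "w") as fh:
            # Constructed placeholder value, not a real secret.
            fh.write("username: opsuser\npassword: Q7v!kR2mZp9x\n")
        findings = scan_tree(root)
    return findings, (1 if findings else 0)


if __name__ == "__main__":
    found, exit_code = demo()
    for f in found:
        print(f"{f['path']}:{f['line']}: default credentials {f['user']}/{f['password']}")
    sys.exit(exit_code)
```

In a pipeline, call `scan_tree` on the checked-out configuration directory and exit non-zero when the list is not empty; the exit code is what blocks the deployment. The scan is deliberately pattern-based and will miss credentials stored in formats it does not parse, so treat it as a baseline gate rather than a complete secrets scanner.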
7. Risks, Side Effects, and Roll Back
- Risk or side effect 1: Loss of access if the new password is forgotten. Mitigation: Document the new password securely and consider a password reset process.
8. References and Resources
- Vendor advisory or bulletin: F-Secure Internet Gatekeeper Product Page
- NVD or CVE entry: No specific CVE is associated with this vulnerability, as it relates to default credentials.
- Product or platform documentation relevant to the fix: F-Secure Internet Gatekeeper Documentation