Skip to content

Why does the Range use insecure passwords for virtual machines?

This is a great question, without an easy answer. The short answer is that you've already been authenticated to the Cyber Range by the time you've been presented with a login prompt or are asked for the root/administrator password. The longer answer is that this was a decision we made influenced by several factors:

  • Since the connection to your virtual machine has already gone through authentication, authorization, and an acceptable level of non-repudiation, having you further provide a complex username or password generally hampers the learning process.

  • If we used unique passwords for each VM, you would need to remember (or lookup) the password for each environment

  • An instructor or TA that needs to check work might need to look up the password for each student -- again a hindrance to the learning process.

  • In some operating systems or login processes copy-paste is not supported

  • In some operating systems there is poor accessibility support during the login process, or until the user logs in for the first time

  • If a user needs support, the user would be required to transmit their password over an insecure protocol, which reinforces a bad behavior

  • In most cases, auto-login to the desktop (which is assisted by having a defined password) allows us to enable some accessibility features on behalf of a student automatically.

Have a Question? Contact Support

Important

Students, please reach out to your instructor who can submit a ticket to our Support Team on your behalf.

We're here to help you. If you still have questions after reviewing the information above, please feel free to submit a ticket with our Support Team and we'll get back to you as soon as possible.