New Report Highlights Common Passwords in RDP Attacks


A new report from cybersecurity experts at Specops has revealed the most common passwords used in attacks against Remote Desktop Protocol (RDP) ports. The research, which analyzed live attack data, highlights how weak passwords remain a significant security vulnerability.

The Specops report examined NTLMv2 password hashes collected through its honeypot system between late 2024 and March 2025.

The researchers were able to crack approximately 40% of the recorded hashes, providing insight into the specific passwords being used in brute-force and password-spraying attacks against RDP.

Most Common Passwords in RDP Attacks

The analysis identified the ten most frequently used passwords in RDP attacks, which are:

  • 123456
  • 1234
  • Password1
  • 12345
  • P@ssw0rd
  • password
  • Password123
  • Welcome1
  • 12345678
  • Aa123456

The data shows that attackers frequently rely on basic numeric sequences and predictable variations of the word “password.”

Notably, “123456” was also the most commonly stolen password in the Specops report, underscoring end-users’ continued reliance on easy-to-remember, and easily guessable, credentials.

Why RDP is a Prime Target

RDP, which operates over TCP port 3389, is widely used to facilitate remote work and IT administration. However, its accessibility also makes it a frequent target for cybercriminals.

Attackers scan for exposed RDP servers, leveraging brute-force tactics to gain access to corporate networks.

Many organizations report thousands of failed login attempts daily from bots, ransomware operators and other malicious actors.
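The failed-logon volume described above is visible in the Windows Security log as event 4625 with logon type 10 (RemoteInteractive, i.e. RDP). The script below is an added example, not part of the Specops report or the original article: it parses a constructed, simplified log format (the field layout, the thresholds and the documentation-range IP addresses are all assumptions) and separates one source hammering a single account (brute force) from one source trying a few guesses against many accounts (password spraying).

```python
import re
from collections import defaultdict

# Constructed sample of Windows Security log lines in a simplified key=value layout.
# EventID 4625 = failed logon; LogonType 10 = RemoteInteractive (RDP). Not real telemetry.
SAMPLE_LOG = """\
2025-03-01T10:00:01Z EventID=4625 LogonType=10 User=administrator Src=203.0.113.5
2025-03-01T10:00:02Z EventID=4625 LogonType=10 User=administrator Src=203.0.113.5
2025-03-01T10:00:03Z EventID=4625 LogonType=10 User=administrator Src=203.0.113.5
2025-03-01T10:00:04Z EventID=4625 LogonType=10 User=administrator Src=203.0.113.5
2025-03-01T10:00:05Z EventID=4625 LogonType=10 User=administrator Src=203.0.113.5
2025-03-01T10:00:06Z EventID=4625 LogonType=10 User=administrator Src=203.0.113.5
2025-03-01T10:01:00Z EventID=4625 LogonType=10 User=alice Src=198.51.100.7
2025-03-01T10:01:01Z EventID=4625 LogonType=10 User=bob Src=198.51.100.7
2025-03-01T10:01:02Z EventID=4625 LogonType=10 User=carol Src=198.51.100.7
2025-03-01T10:01:03Z EventID=4625 LogonType=10 User=dave Src=198.51.100.7
2025-03-01T10:01:04Z EventID=4625 LogonType=10 User=erin Src=198.51.100.7
2025-03-01T10:02:00Z EventID=4625 LogonType=10 User=alice Src=192.0.2.9
2025-03-01T10:02:30Z EventID=4624 LogonType=10 User=alice Src=192.0.2.9
2025-03-01T10:03:00Z EventID=4625 LogonType=3 User=svc Src=192.0.2.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<event>\d+) LogonType=(?P<ltype>\d+) "
    r"User=(?P<user>\S+) Src=(?P<src>\S+)$"
)


def parse_rdp_failures(text):
    """Yield (source_ip, username) for every failed RDP logon (4625, type 10)."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the expected layout
        if m["event"] == "4625" and m["ltype"] == "10":
            yield m["src"], m["user"]


def classify_sources(text, min_attempts=5, spray_min_users=4):
    """Summarise failed RDP logons per source IP and label the pattern.

    Thresholds are assumed values for the example:
      brute_force - at least min_attempts failures concentrated on few accounts
      spraying    - at least min_attempts failures spread over spray_min_users+ accounts
      benign      - below the attempt threshold (ordinary typos)
    """
    attempts = defaultdict(int)
    users = defaultdict(set)
    for src, user in parse_rdp_failures(text):
        attempts[src] += 1
        users[src].add(user)

    result = {}
    for src, n in attempts.items():
        distinct = len(users[src])
        if n >= min_attempts and distinct >= spray_min_users:
            label = "spraying"
        elif n >= min_attempts:
            label = "brute_force"
        else:
            label = "benign"
        result[src] = {"attempts": n, "distinct_users": distinct, "label": label}
    return result


if __name__ == "__main__":
    for src, info in classify_sources(SAMPLE_LOG).items():
        print(src, info)
```

On the sample, 203.0.113.5 is labelled brute_force (six failures against one account), 198.51.100.7 is labelled spraying (one failure each against five accounts), and the successful 4624 event and the non-RDP logon type 3 line are ignored. In production the same logic would run over a SIEM query window rather than a static string, and the thresholds would be tuned to the environment's baseline.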


Password Complexity Trends

The report also analyzed the character composition and lengths of passwords used in RDP attacks, finding that:

  • 45% of passwords consisted only of numbers or lowercase letters
  • Only 7.56% included a mix of uppercase, lowercase, numbers and special characters
  • The most common password length was eight characters (26.14%)
  • Fewer than 1.35% of the passwords used to attack the RDP port exceeded 12 characters

These findings suggest that enforcing longer and more complex passwords could significantly reduce the risk of RDP compromise.
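The composition and length breakdown the report describes can be reproduced on any list of cracked or audited passwords. The script below is an added example, not code from the Specops report: it runs over a constructed sample list (seeded with the ten passwords listed above plus a few invented entries) and computes the same four metrics the article quotes. The category "only numbers or lowercase letters" is interpreted here as a password whose characters all fall within digits and lowercase letters; that interpretation is an assumption.

```python
from collections import Counter

# Constructed sample standing in for a set of cracked honeypot passwords.
# The first ten are the report's list; the rest are invented for illustration.
SAMPLE_PASSWORDS = [
    "123456", "1234", "Password1", "12345", "P@ssw0rd", "password",
    "Password123", "Welcome1", "12345678", "Aa123456",
    "qwerty", "letmein", "Summer2024!", "Tr0ub4dor&3", "correcthorsebatterystaple",
    "admin", "Admin123", "Zaq1@wsx", "abc123", "000000",
]

ALL_CLASSES = {"digit", "lower", "upper", "special"}


def char_classes(pw):
    """Return the set of character classes present in the password."""
    classes = set()
    for ch in pw:
        if ch.isdigit():
            classes.add("digit")
        elif ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        else:
            classes.add("special")
    return classes


def pct(part, whole):
    return round(100.0 * part / whole, 2)


def composition_stats(passwords, long_threshold=12):
    """Compute the composition/length metrics quoted in the report for a password list."""
    n = len(passwords)
    classes = [char_classes(p) for p in passwords]

    # Assumed reading of "only numbers or lowercase letters": no uppercase, no specials.
    num_or_lower_only = sum(1 for c in classes if c <= {"digit", "lower"})
    all_four = sum(1 for c in classes if c == ALL_CLASSES)

    lengths = Counter(len(p) for p in passwords)
    top_len, top_count = lengths.most_common(1)[0]
    longer = sum(1 for p in passwords if len(p) > long_threshold)

    return {
        "numeric_or_lowercase_only_pct": pct(num_or_lower_only, n),
        "all_four_classes_pct": pct(all_four, n),
        "most_common_length": top_len,
        "most_common_length_pct": pct(top_count, n),
        "longer_than_12_pct": pct(longer, n),
    }


if __name__ == "__main__":
    for key, value in composition_stats(SAMPLE_PASSWORDS).items():
        print(f"{key}: {value}")
```

Run against an organisation's own cracked-hash audit output, the function gives a quick comparison against the report's figures: a high numeric-or-lowercase share and a short modal length indicate that the existing policy is not pushing users away from exactly the patterns attackers guess first.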

Strengthening RDP Security

Specops recommends several measures to defend against RDP-based attacks, including:

  • Implementing multi-factor authentication (MFA) for RDP connections
  • Ensuring RDP servers are not directly exposed to the internet
  • Regularly updating Windows servers and applying security patches
  • Restricting RDP access to a limited range of IP addresses
  • Enforcing strong password policies and blocking compromised credentials
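The last recommendation, enforcing a password policy and blocking known-compromised credentials, amounts to a check run at password-change time. The function below is an added example and not Specops' product or code: it rejects a candidate that is in a blocklist (constructed here from the ten passwords the report lists; a real deployment would use a breached-credential feed), that is a trivial variant of a blocklisted word (case changes, common leet substitutions, trailing digits or symbols), that is digits-only or lowercase-only, or that is shorter than an assumed 12-character minimum. The substitution table and the minimum length are assumptions chosen for the example.

```python
import re

# Constructed blocklist seeded with the ten passwords the report lists (lower-cased).
BLOCKLIST = {
    "123456", "1234", "password1", "12345", "p@ssw0rd", "password",
    "password123", "welcome1", "12345678", "aa123456",
}

# Assumed table of substitutions that turn a dictionary word into a "complex" lookalike.
LEET_MAP = str.maketrans({
    "@": "a", "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "$": "s", "!": "i",
})

MIN_LENGTH = 12  # assumed policy minimum for this example


def normalise(pw):
    """Reduce a password to its dictionary core: lower-case, drop trailing
    digits/symbols, then undo common leet substitutions."""
    core = re.sub(r"[^a-z]+$", "", pw.lower())
    return core.translate(LEET_MAP)


def check_password(pw, blocklist=BLOCKLIST, min_length=MIN_LENGTH):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []

    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")

    if pw.lower() in blocklist:
        problems.append("exact match in blocklist")
    else:
        core = normalise(pw)
        # Compare dictionary cores so "P@ssw0rd2025!" is caught as a variant of "password".
        if core and any(core == normalise(b) for b in blocklist):
            problems.append("variant of a blocklisted password")

    # The two compositions the report found most often in attack traffic.
    if pw.isdigit():
        problems.append("digits only")
    elif pw.isalpha() and pw.islower():
        problems.append("lowercase letters only")

    return problems


def is_acceptable(pw):
    return not check_password(pw)


if __name__ == "__main__":
    for candidate in ["123456", "P@ssw0rd2025!", "welcomeeveryone", "correct-horse-battery-staple"]:
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```

The variant check is what makes the blocklist useful in practice: users asked to add a digit or a symbol typically produce "Password123" or "P@ssw0rd", which both reduce to the same core as the banned word. Returning the full list of reasons rather than a bare boolean lets the password-change UI tell the user what to fix.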

Organizations looking to assess their current password risks can use tools like password auditing software or credential monitoring services to identify weak and breached credentials within their Active Directory environments.

As cyber-threats continue to evolve, taking proactive steps to secure RDP connections remains essential for preventing unauthorized access and potential data breaches.
