Default Credentials


Description

The application or one of its components accepts default credentials for login. Default credentials are often shipped by vendors with new software and are installed automatically during the install process. They are often easily discoverable on the Internet through vendor sites, instruction manuals, and websites that track default credentials. An attacker can use default credentials to bypass authentication and gain access to the application, often with elevated privileges.

Impact

Default credentials allow an attacker to gain unauthorized access to the application. They are frequently easy to find using search engines and other Internet-available resources; attackers will scour vendor documentation or websites that track default credentials in order to gain access to the application. Default credentials often carry elevated privileges to the application or related components, allowing attackers to access sensitive data or privileged functions.

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References

