Security Workbook on Pentesting
Security Workbook on Pentesting
About us
References
Bug Bounty
Resources
Mindmaps
Tools Cheat Sheet
Bug Bounty & Pen-Test Templates
XSS Vulnerability
CSRF (Cross-site request forgery)
Unrestricted File Upload
Subdomain Takeover
Github Recon
Injection
IDOR (Insecure direct object references)
SSRF (Server-side request forgery)
Clickjacking
Open Redirect
Server-side request forgery (SSRF)
File Inclusion
Insecure Deserialization
Response manipulation
Directory Browsing
Race condition
Use of Default Credentials
CTF's
Powered by GitBook

Use of Default Credentials

Vulnerability Name: Use of Default Credentials

Vulnerability Description: This vulnerability occurs when any open source or commercial software is newly installed on the server, the default credentials are not changed. These default credentials are guessable or publicly available in the software documentation or any public forum. This Default credentials can be lead to gain admin-level privileges on the application.

Default Credentials : [Mention the Default credentials which are used by the application]

Steps to Reproduce:

  1. Visit the login panel where default credentials are being used : [Mention the URL]

  2. The visiting the following link, we can see the default credentials of the software.

  3. Log in to the application using the default credentials showed in step 2.

Proof-of-concept: Snapshots or video links attached.

Impact: By the use of default credentials, an attacker can gain administrator-level privileges by log in to the application.

[Further Impact can be shown as per the functionality of the application]

Attack Scenario: [Create your own attack scenario according to the workflow of the website]

Remediation:

1. Disable or change the default credentials after installing the new software.

2. User should be prompted to change the password after the first login.

Previous
Race condition
Next
CTF's
Last updated 3 months ago