Links

Use of Default Credentials

Vulnerability Name: Use of Default Credentials
Vulnerability Description: This vulnerability occurs when any open source or commercial software is newly installed on the server, the default credentials are not changed. These default credentials are guessable or publicly available in the software documentation or any public forum. This Default credentials can be lead to gain admin-level privileges on the application.
Default Credentials : [Mention the Default credentials which are used by the application]
Steps to Reproduce:
  1. 1.
    Visit the login panel where default credentials are being used : [Mention the URL]
  2. 2.
    The visiting the following link, we can see the default credentials of the software.
  3. 3.
    Log in to the application using the default credentials showed in step 2.
Proof-of-concept: Snapshots or video links attached.
Impact: By the use of default credentials, an attacker can gain administrator-level privileges by log in to the application.
[Further Impact can be shown as per the functionality of the application]
Attack Scenario: [Create your own attack scenario according to the workflow of the website]
Remediation:
1. Disable or change the default credentials after installing the new software.
2. User should be prompted to change the password after the first login.