Default Login

Description

Kayran has detected a potential Default Login in your site.
Many web applications and hardware devices have default passwords for the built-in administrative accounts and to the holders of such other positions.

Expressed in common and low-strength passwords or usernames. Possibly, passwords like: ‘password’, ‘pass1234’, ‘admin’ and so on.

Although in some cases these can be randomly generated, they are often static, meaning that they can be easily guessed or obtained by an attacker.
This means that if a remote attacker gains access, they will be able to access administrative accounts.

This will give them the option to perform operations that require administrator privileges, such as editing and deleting users and files, extracting information, etc.

Recommendation

These could either be generated automatically by the application, or manually created by staff.
First of all, to prevent Default Login, make sure that there are no passwords or usernames of a weak nature on your site.

When a user is created, he must be required that his password meet advanced criteria to strengthen the password. Criteria such as an uppercase and lowercase letters, the length of the password, special characters, etc.

References

https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Default_Credentials

< Return to all Vulnerabilities

Exposing the GIT

Let’s start with defining the meaning of GIT. GIT – is an open-source system which we use as a tool to store data and information

Read More »

Red Team

You’ve probably heard that there are teams in the Cyber field called Red Team and Blue Team. Let’s talk about the red one, shall we?

Read More »

APT vs. ATP

In this article we will talk about APT vs. ATP. In other words, Advanced Persistent Threat and Advanced Threat Protection and the context between these

Read More »