Default Login


Kayran has detected a potential Default Login in your site.
Many web applications and hardware devices have default passwords for the built-in administrative accounts and to the holders of such other positions.

Expressed in common and low-strength passwords or usernames. Possibly, passwords like: ‘password’, ‘pass1234’, ‘admin’ and so on.

Although in some cases these can be randomly generated, they are often static, meaning that they can be easily guessed or obtained by an attacker.
This means that if a remote attacker gains access, they will be able to access administrative accounts.

This will give them the option to perform operations that require administrator privileges, such as editing and deleting users and files, extracting information, etc.


These could either be generated automatically by the application, or manually created by staff.
First of all, to prevent Default Login, make sure that there are no passwords or usernames of a weak nature on your site.

When a user is created, he must be required that his password meet advanced criteria to strengthen the password. Criteria such as an uppercase and lowercase letters, the length of the password, special characters, etc.


< Return to all Vulnerabilities

Servers 101

Let’s have a “quick” Servers 101 Course. Courtesy of Kayran! If you’ve been on the internet for over an hour, you probably already heard of

Read More »