Default Login

Description

Kayran has detected a potential Default Login on your site.
Many web applications and hardware devices ship with default credentials for their built-in administrative accounts and for other privileged roles (installer, support or service accounts).

These defaults are typically common, low-strength usernames and passwords, for example 'admin', 'password' or 'pass1234'.

Although in some cases they are randomly generated per installation, they are often static, which means an attacker can guess them or simply look them up in vendor documentation and public default-credential lists.
As a result, a remote attacker who can reach the login page can sign in to an administrative account without any prior access.

That gives them every operation that requires administrator privileges, such as editing and deleting users and files, extracting information, etc.

Recommendation

Default accounts may be generated automatically by the application or created manually by staff; either way they must be treated as an exposure.
First of all, to prevent Default Login, make sure that no account on your site keeps a default, well-known or otherwise weak username or password: change or disable every default account before the system goes live, and verify this again after upgrades, since updates can reintroduce default accounts.

When a user is created, require that the password meets strength criteria: a minimum length, a mix of uppercase and lowercase letters, digits and special characters, and rejection of passwords that appear on common default or weak-password lists.
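The following Python script is an added example illustrating both halves of the recommendation above; it is not Kayran's code. It implements a creation-time password policy check that also rejects known default passwords, and an audit that tests a list of well-known default username/password pairs against stored password hashes so that an account still sitting on a vendor default is flagged. The credential list, the PBKDF2 parameters and the sample user table are constructed for illustration and are assumptions, not data from the page.

```python
"""Default-credential defences: a creation-time policy check plus an audit of
existing accounts against known default/weak credential pairs.

Added example, not Kayran's code. The credential list, hashing parameters and
sample user table below are constructed for illustration.
"""
import hashlib
import hmac
import os
import re
from typing import Dict, List, Optional, Tuple

# Constructed denylist: a short sample of the vendor defaults and weak
# passwords a default-login check would try. A real list is far longer.
KNOWN_DEFAULT_PAIRS: List[Tuple[str, str]] = [
    ("admin", "admin"),
    ("admin", "password"),
    ("admin", "pass1234"),
    ("root", "root"),
    ("administrator", "admin"),
    ("test", "test"),
    ("guest", "guest"),
]
WEAK_PASSWORDS = {p for _, p in KNOWN_DEFAULT_PAIRS} | {"123456", "qwerty", "letmein"}

MIN_LENGTH = 12  # assumed policy value


def password_policy_violations(username: str, password: str) -> List[str]:
    """Return the policy rules a candidate password breaks (empty list if it passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    if password.lower() in WEAK_PASSWORDS:
        problems.append("on the weak/default password list")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    return problems


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 100_000) -> str:
    """Salted PBKDF2-HMAC-SHA256, stored as 'iterations$salt_hex$hash_hex'."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def audit_accounts(accounts: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return every known default (username, password) pair that still opens an account.

    `accounts` maps username -> stored hash, so the audit works against the real
    credential store without ever needing plaintext passwords.
    """
    hits = []
    for user, pwd in KNOWN_DEFAULT_PAIRS:
        stored = accounts.get(user)
        if stored is not None and verify_password(pwd, stored):
            hits.append((user, pwd))
    return hits


# Constructed sample user table: one admin still on a vendor default, one fine.
SAMPLE_ACCOUNTS: Dict[str, str] = {
    "admin": hash_password("admin"),
    "alice": hash_password("Correct-Horse-Battery-9!"),
}

if __name__ == "__main__":
    print("policy violations for 'pass1234':", password_policy_violations("admin", "pass1234"))
    print("accounts still on default credentials:", audit_accounts(SAMPLE_ACCOUNTS))
```

The audit only checks username/password pairs that are actually on the default list, so it is cheap enough to run at deployment and after every upgrade; the policy check is what stops a new weak password from being created in the first place.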

References

https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Default_Credentials

https://cwe.mitre.org/data/definitions/521.html
