Default Login


Kayran has detected a potential Default Login in your site.
Many web applications and hardware devices have default passwords for the built-in administrative accounts and to the holders of such other positions.

Expressed in common and low-strength passwords or usernames. Possibly, passwords like: ‘password’, ‘pass1234’, ‘admin’ and so on.

Although in some cases these can be randomly generated, they are often static, meaning that they can be easily guessed or obtained by an attacker.
This means that if a remote attacker gains access, they will be able to access administrative accounts.

This will give them the option to perform operations that require administrator privileges, such as editing and deleting users and files, extracting information, etc.


These could either be generated automatically by the application, or manually created by staff.
First of all, to prevent Default Login, make sure that there are no passwords or usernames of a weak nature on your site.

When a user is created, he must be required that his password meet advanced criteria to strengthen the password. Criteria such as an uppercase and lowercase letters, the length of the password, special characters, etc.


< Return to all Vulnerabilities

Crossing Scripts – XSS

Injections. SQL Injections. Cross-site Scripting (hence the amazing title “Crossing Scripts – XSS”). There all sorts of Injection-Based attacks, if you want to read about

Read More »

Passwords 101

Unlike basketballs, “passwords” are things we don’t want to be passed around, especially in a society built around the idea that “mystery” is appealing. We

Read More »

Browser Exploitation

We know that it’s possible to exploit weaknesses (or vulnerabilities) that exist in anything, from a certain code to the entire application, let’s talk about

Read More »