A threat actor may gain unauthorized access using the default username and password.
Example #1
- Threat actor requests a web application interface
- Sever sends a login request
- Threat actor uses admin for as username and admin for password
- Sever sends the web application interface
Impact
Vary
Risk
- Gain unauthorized access
Redemption
- Remove default credentials
ID
91f9b046-b802-425a-b71b-64c21c6b1c0f