Common credentials
Plugin details
| Severity | High |
|---|---|
| ID | 10003 |
| Category | Authentication |
| CVSS score | 7.3 |
| CVSS link | https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Synopsis
The server can be accessed using well-known credentials.
Description
The server uses default credentials (username & password) for potentially critical functionality. An attacker can easily guess the credentials to bypass authentication and to gain access to the server.
The credentials attempted are listed with sources here. An additional credential was also added from here.
Solution
Change or disable default credentials.