
Common credentials

Plugin details

Severity: High
ID: 10003
Category: Authentication
CVSS score: 7.3
CVSS link: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Synopsis

The server can be accessed using well-known credentials.

Description

The server uses default credentials (username and password) for potentially critical functionality. An attacker can easily guess these credentials to bypass authentication and gain access to the server.

The credentials attempted are listed with sources here. An additional credential was also added from here.

Solution

Change or disable default credentials.
