Configuration Management / Default administrator account
Description
An active default administrator account represents a security vulnerability when it is not properly managed or secured. Default administrator accounts often come with preset credentials and settings, making them attractive targets for attackers.
Risk
Attackers may exploit default administrator accounts to gain unauthorized access to systems or applications, potentially leading to data breaches or unauthorized actions. Default administrator accounts with elevated privileges can be leveraged by attackers to escalate their privileges within the system, gaining access to sensitive resources or data. If default administrator credentials are well-known or easily guessable, attackers may use brute-force attacks or other methods to obtain access to the account. Attackers might compromise the default administrator account and take control, allowing them to manipulate configurations, install malware, or conduct malicious activities.
Solution
Disable or, if possible, delete default administrator accounts that are not needed. Only keep necessary accounts and regularly review their usage.
Change the default credentials of the administrator account immediately upon system or application deployment. Use strong, unique passwords to enhance security. In addition, enable multi-factor authentication (MFA) for administrator accounts to add an extra layer of security. Even if credentials are compromised, MFA helps prevent unauthorized access.
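The checks above can be run as a recurring audit over an account inventory export. The following is an added example, not part of the original page; the record fields, the list of default account names, the 90-day review threshold and the sample inventory are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumption: names often shipped as built-in admin accounts; extend per product.
DEFAULT_ADMIN_NAMES = {"admin", "administrator", "root", "sa"}
STALE_AFTER = timedelta(days=90)  # assumption: usage-review threshold

def audit_account(acct, now):
    """Return findings for one inventory record (empty list = compliant)."""
    if acct["name"].lower() not in DEFAULT_ADMIN_NAMES:
        return []          # not a default administrator account
    if not acct["enabled"]:
        return []          # disabled default account is the desired state
    findings = []
    # A password never rotated since provisioning is likely still the preset one.
    if acct["password_changed"] <= acct["created"]:
        findings.append("default credentials never changed")
    if not acct["mfa"]:
        findings.append("MFA not enabled")
    last = acct["last_login"]
    if last is None or now - last > STALE_AFTER:
        findings.append("enabled but unused: disable or delete")
    return findings

def audit(inventory, now):
    """Map account name -> findings, listing only accounts that need action."""
    report = {}
    for acct in inventory:
        findings = audit_account(acct, now)
        if findings:
            report[acct["name"]] = findings
    return report

# Constructed sample inventory (hypothetical field names and values).
NOW = datetime(2024, 6, 1)
D = datetime
INVENTORY = [
    {"name": "admin", "enabled": True, "created": D(2023, 1, 10),
     "password_changed": D(2023, 1, 10), "mfa": False, "last_login": D(2024, 5, 30)},
    {"name": "Administrator", "enabled": True, "created": D(2023, 1, 10),
     "password_changed": D(2023, 2, 1), "mfa": True, "last_login": None},
    {"name": "root", "enabled": False, "created": D(2023, 1, 10),
     "password_changed": D(2023, 1, 10), "mfa": False, "last_login": None},
    {"name": "sa", "enabled": True, "created": D(2023, 1, 10),
     "password_changed": D(2024, 4, 2), "mfa": True, "last_login": D(2024, 5, 20)},
]

if __name__ == "__main__":
    for name, findings in audit(INVENTORY, NOW).items():
        print(f"{name}: {'; '.join(findings)}")
```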