Identity Management / Use of Default Credentials

Web and API

Description

Use of Default Credentials is an identity management vulnerability that occurs when a system or application uses a generic username and password combination that is known by many users. This is a security risk because it lets attackers gain access to the system or application without having to guess or crack the password. According to the Common Weakness Enumeration (CWE) directory, this vulnerability can occur in web and API applications. The OWASP Testing Guide also lists it as a vulnerability that should be tested for (OWASP-AT-002).

Risk

Use of Default Credentials is a high-risk vulnerability because it significantly reduces the security of the system or application. Attackers who gain access with a generic username and password combination can potentially reach sensitive information or exploit other vulnerabilities in the system or application.

Solution

The most effective solution to this vulnerability is to not use generic usernames and passwords in the system or application. Instead, unique usernames and passwords should be used for each user. Additionally, password strength should be enforced and passwords should be periodically changed.
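
One way to apply this advice to an existing user store, as an added example that is not part of the original page: it audits stored password hashes for generic credentials and rejects them when a password is set. The record layout, the PBKDF2 parameters, the 12-character minimum and the sample list of generic pairs are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample list of generic pairs; a real audit would load the
# defaults documented for the products actually deployed.
DEFAULT_PAIRS = [("admin", "admin"), ("admin", "password"), ("root", "root"),
                 ("guest", "guest"), ("test", "test")]
ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example


def hash_password(password, salt, iterations=ITERATIONS):
    """Derive the stored verifier the way this example's user store does."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_user(username, password):
    """Build a constructed user record (username, salt, hash)."""
    salt = os.urandom(16)
    return {"username": username, "salt": salt,
            "hash": hash_password(password, salt)}


def uses_default_credentials(user, pairs=DEFAULT_PAIRS):
    """True if the stored hash matches a generic password listed for this
    username, or the password is simply the username itself."""
    candidates = {pw for name, pw in pairs if name == user["username"].lower()}
    candidates.add(user["username"])
    return any(hmac.compare_digest(hash_password(pw, user["salt"]), user["hash"])
               for pw in candidates)


def audit(users):
    """Return usernames that must be forced through a password change."""
    return [u["username"] for u in users if uses_default_credentials(u)]


def validate_new_password(username, password, pairs=DEFAULT_PAIRS, min_len=12):
    """Reject generic, username-derived or short passwords at change time."""
    generic = {pw for _, pw in pairs}
    return (len(password) >= min_len and password.lower() not in generic
            and password.lower() != username.lower())


# Constructed sample data: three accounts with generic credentials, one without.
USERS = [make_user("admin", "admin"), make_user("alice", "c0rrect-horse-battery"),
         make_user("guest", "guest"), make_user("bob", "bob")]
```

Calling `audit(USERS)` lists the accounts to lock or force through a reset; `validate_new_password` belongs in the password-change path so a generic value cannot be set again.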
