Vulnerability Details
Severity: Critical
Category: Authentication
Description
The application or its components are deployed with default credentials (e.g., admin/admin, admin/password) that have not been changed from their factory settings.
Risks
An attacker could gain full administrative access using publicly known default credentials, leading to complete system compromise, data breach, or service disruption.
Remediation
Force credential changes during initial setup. Remove or disable default accounts. Implement credential checks against lists of known default passwords. Conduct regular audits for default credentials across all components.
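One way to implement the check against known default passwords and the recurring audit, as an added example that is not part of the original page. The function names, the short sample list of defaults and the salted PBKDF2 storage format are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

# Constructed sample list built from the pairs named above; in practice,
# load a maintained list of vendor default credentials.
DEFAULT_PAIRS = {("admin", "admin"), ("admin", "password")}
DEFAULT_PASSWORDS = {p for _, p in DEFAULT_PAIRS}

def _norm(value):
    # Fold case, whitespace and Unicode variants so "Admin " matches "admin".
    return unicodedata.normalize("NFKC", value).strip().casefold()

def rejection_reason(username, password):
    """Setup-time check: return why a credential is refused, or None if accepted."""
    u, p = _norm(username), _norm(password)
    if (u, p) in DEFAULT_PAIRS:
        return "known default username/password pair"
    if p in DEFAULT_PASSWORDS:
        return "password is on the known-defaults list"
    if p == u:
        return "password equals username"
    return None

def hash_password(password, salt=None):
    """Assumed storage format: per-account random salt + PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

def audit_defaults(accounts):
    """Audit stored hashes. accounts: iterable of (username, salt, digest).
    Returns usernames whose hash matches a listed default or the username."""
    flagged = []
    for username, salt, digest in accounts:
        for candidate in sorted(DEFAULT_PASSWORDS | {username}):
            if hmac.compare_digest(hash_password(candidate, salt)[1], digest):
                flagged.append(username)
                break
    return flagged

if __name__ == "__main__":
    # Constructed inventory: one account still on a factory default.
    store = [("admin", *hash_password("admin")),
             ("alice", *hash_password("long unique passphrase 91"))]
    print(rejection_reason("admin", "Password "))
    print(audit_defaults(store))
```

The setup check normalises input before comparing, while the audit can only test the exact candidate strings because it works from stored hashes.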