Critical Severity
🔴 Default Credentials
🧠 Description
Applications or devices are deployed with default usernames and passwords (e.g., admin/admin, root/root). Attackers can use these to gain unauthorized access.
Impact: Full System Compromise, Data Breach, Lateral Movement
🔍 Detection / Common Default Credentials
admin:admin
admin:password
root:root
administrator:administrator
user:user
guest:guest
tomcat:tomcat
postgres:postgres
🛡️ Mitigation
✅ Change all default credentials during deployment
✅ Enforce strong password policy
✅ Use password managers for credential storage
✅ Document and audit all service accounts
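One way to enforce the first and last mitigation items is a pre-deployment gate that audits the documented service accounts against the default pairs listed above. This is an added example, not part of the original page; the manifest layout (`service`, `username`, `password`) and the sample entries are constructed assumptions. It goes slightly beyond the list by also flagging case variants, any password equal to its username, and empty passwords.

```python
# Added example: pre-deployment gate that rejects accounts still using
# default credentials. The manifest layout is an assumption for illustration.

# Default pairs listed on this page.
KNOWN_DEFAULTS = {
    ("admin", "admin"), ("admin", "password"), ("root", "root"),
    ("administrator", "administrator"), ("user", "user"), ("guest", "guest"),
    ("tomcat", "tomcat"), ("postgres", "postgres"),
}


def audit_accounts(accounts):
    """Return (service, username, reason) for every account that must be changed."""
    findings = []
    for acct in accounts:
        user = acct["username"].strip().lower()
        pwd = acct["password"].strip()
        if (user, pwd.lower()) in KNOWN_DEFAULTS:
            reason = "known default pair"        # also catches case variants
        elif pwd.lower() == user:
            reason = "password equals username"  # same pattern, unlisted account
        elif not pwd:
            reason = "empty password"
        else:
            continue
        findings.append((acct["service"], acct["username"], reason))
    return findings


# Constructed sample manifest (not real credentials).
SAMPLE_MANIFEST = [
    {"service": "tomcat-manager", "username": "tomcat", "password": "tomcat"},
    {"service": "postgres-db", "username": "postgres", "password": "Postgres"},
    {"service": "switch-01", "username": "netops", "password": "netops"},
    {"service": "web-admin", "username": "admin", "password": "x7!Lq9#vTz2m"},
    {"service": "kiosk", "username": "guest", "password": ""},
]

if __name__ == "__main__":
    results = audit_accounts(SAMPLE_MANIFEST)
    for service, username, reason in results:
        print(f"FAIL {service}: account '{username}' - {reason}")
    # A non-zero exit code lets a CI/deployment pipeline block the rollout.
    raise SystemExit(1 if results else 0)
```

Run it as a pipeline step so a deployment with any flagged account fails before it reaches production.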