mirror of
https://github.com/daffainfo/AllAboutBugBounty.git
synced 2024-12-24 05:15:25 +00:00
17 lines
914 B
Markdown
17 lines
914 B
Markdown
|
# Default Credentials
|
||
|
|
||
|
## Introduction
|
||
|
A Default Credential vulnerability is a type of vulnerability in a computing device that most commonly affects devices having some pre-set (default) administrative credentials to access all configuration settings.
|
||
|
|
||
|
## How to find
|
||
|
1. Find out type of CMS / Software is used by the website you are testing, for example the website is using grafana
|
||
|
2. Find the admin login
|
||
|
3. Find the information about default credential using repositories below
|
||
|
|
||
|
## Useful Repositories
|
||
|
- [@ihebski](https://github.com/ihebski/DefaultCreds-cheat-sheet)
|
||
|
- [@many-passwords](https://github.com/many-passwords/many-passwords)
|
||
|
|
||
|
## References
|
||
|
- [OWASP 04-Authentication Testing](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Default_Credentials)
|
||
|
- [HackerOne #398797](https://hackerone.com/reports/398797)
|