From 5c6916174af59aa43e4722fb70e7a6b7cc7b07d3 Mon Sep 17 00:00:00 2001 From: daffainfo Date: Wed, 21 Sep 2022 20:22:58 +0700 Subject: [PATCH] Added default credential --- .github/FUNDING.yml | 2 -- Misc/Default Credentials | 0 Misc/Default Credentials.md | 17 +++++++++++++++++ 3 files changed, 17 insertions(+), 2 deletions(-) delete mode 100644 .github/FUNDING.yml delete mode 100644 Misc/Default Credentials create mode 100644 Misc/Default Credentials.md diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml deleted file mode 100644 index b66f5a7..0000000 --- a/.github/FUNDING.yml +++ /dev/null @@ -1,2 +0,0 @@ -# These are supported funding model platforms -custom: paypal.me/md15ev diff --git a/Misc/Default Credentials b/Misc/Default Credentials deleted file mode 100644 index e69de29..0000000 diff --git a/Misc/Default Credentials.md b/Misc/Default Credentials.md new file mode 100644 index 0000000..6e96d15 --- /dev/null +++ b/Misc/Default Credentials.md @@ -0,0 +1,17 @@ +# Default Credentials + +## Introduction +A Default Credential vulnerability is a type of vulnerability in a computing device that most commonly affects devices having some pre-set (default) administrative credentials to access all configuration settings. + +## How to find +1. Find out type of CMS / Software is used by the website you are testing, for example the website is using grafana +2. Find the admin login +3. Find the information about default credential using repositories below + +## Useful Repositories +- [@ihebski](https://github.com/ihebski/DefaultCreds-cheat-sheet) +- [@many-passwords](https://github.com/many-passwords/many-passwords) + +## References +- [OWASP 04-Authentication Testing](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Default_Credentials) +- [HackerOne #398797](https://hackerone.com/reports/398797) \ No newline at end of file
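Review bot: The deletion of `.github/FUNDING.yml` in the first hunk is unrelated to the subject "Added default credential" and is not mentioned in the commit message. Split it into its own commit, or name it in the message, so the history explains why the funding file was removed alongside a documentation change.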
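Review bot: In `Misc/Default Credentials.md`, step 1 under "How to find" ("Find out type of CMS / Software is used by the website you are testing, for example the website is using grafana") is ungrammatical and runs two clauses together; something like "Identify the CMS or software the website you are testing uses, for example Grafana" reads cleanly. Step 3 has the same problem ("Find the information about default credential using repositories below") and could become "Look up the default credentials for that software in the repositories below". Under "Useful Repositories" the link text is `@ihebski` and `@many-passwords`, which names the owner rather than the project; using the repository names from the URLs (`DefaultCreds-cheat-sheet`, `many-passwords`) tells the reader what they are opening. The page defines the issue and how to find it but says nothing about what to report or how it is fixed, so a short closing section on remediation would make it more useful to whoever receives the finding. The file also ends without a trailing newline ("\ No newline at end of file"); add one.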