# Default Credentials ## Introduction A Default Credential vulnerability is a type of vulnerability in a computing device that most commonly affects devices having some pre-set (default) administrative credentials to access all configuration settings. ## How to find 1. Find out type of CMS / Software is used by the website you are testing, for example the website is using grafana 2. Find the admin login 3. Find the information about default credential using repositories below ## Useful Repositories - [@ihebski](https://github.com/ihebski/DefaultCreds-cheat-sheet) - [@many-passwords](https://github.com/many-passwords/many-passwords) ## References - [OWASP 04-Authentication Testing](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Default_Credentials) - [HackerOne #398797](https://hackerone.com/reports/398797)