Default Login Credetials
Detection of default login credentials misconfiguration for potential unauthorized access vulnerability.
Security Misconfiguration (SM)
How this template works
The API selection filters in this template are used to filter the requests based on specific criteria. In this case, the filters are set to select requests with a response code between 200 and 299, and requests that have either "username" or "user" as a key in the request payload.
The execute section of the template specifies the type of execution as "single" and defines the requests to be executed. In this case, the request is modified by replacing the "usernameKey" parameter with values from the "usernames" word list, and the "passwordKey" parameter is set to "admin".
The validation section defines the criteria for validating the response. It specifies that the response code should be between 200 and 205. This ensures that the request was successful and the response is within the expected range.
Frequently asked questions
What is the purpose of the Default Login Credentials test
How does the Default Login Credentials test work
What is the impact of using default login credentials
What category and severity level does the Default Login Credentials test fall under
Are there any specific word lists used for the username parameter in this test
Are there any references or resources available for further information on security misconfigurations