Default Login Credetials
Detection of default login credentials misconfiguration for potential unauthorized access vulnerability.
Security Misconfiguration (SM)
How this template works
APIs Selection
The API selection filters in this template are used to filter the requests based on specific criteria. In this case, the filters are set to select requests with a response code between 200 and 299, and requests that have either "username" or "user" as a key in the request payload.
Execute request
The execute section of the template specifies the type of execution as "single" and defines the requests to be executed. In this case, the request is modified by replacing the "usernameKey" parameter with values from the "usernames" word list, and the "passwordKey" parameter is set to "admin".
Validation
The validation section defines the criteria for validating the response. It specifies that the response code should be between 200 and 205. This ensures that the request was successful and the response is within the expected range.
Frequently asked questions
What is the purpose of the Default Login Credentials test
How does the Default Login Credentials test work
What is the impact of using default login credentials
What category and severity level does the Default Login Credentials test fall under
Are there any specific word lists used for the username parameter in this test
Are there any references or resources available for further information on security misconfigurations
"The text editor in Akto is absolutely remarkable. Its user-friendly YAML format strikes the perfect balance between simplicity and power. With intuitive features like 'API selection filter', 'Execute', Validate' creating test rules becomes incredibly easy. Akto's test editor is a game-changer, enabling seamless creation of highly personalized and effective tests that could meet the needs of any modern day organization. "

Security team,
Rippling
Explore other tests
eSMTP - Config Discovery
Nginx - Git Configuration Exposure
Laravel - Sensitive Information Disclosure
Docker Container - Misconfiguration Exposure
Msmtp - Config Exposure
Parameters.yml - File Discovery
Mongo Express - Unauthenticated Access
Apache Airflow Configuration Exposure
Dockerrun AWS Configuration Exposure
Apache Config file disclosure
Appspec Yml Disclosure
CGI script environment variable