H3-2021-0021

Weak or Default Credentials - Web Applications

Description

A default web application credential was found. Attackers can exploit this weakness through brute force or dictionary attacks. For instance, if the default password for a default account like "admin" is not changed, an attacker can use this information to access the application as an administrator.

Impact

Exploiting this weakness can allow an attacker to gain unauthorized access to the application, potentially leading to full compromise of the application, and in some cases compromise of the underlying host.

References

• CWE-521: Weak Password Requirements
• MITRE ATT&CK Technique: T1110: Brute Force
• MITRE ATT&CK Technique: T1078.001: Valid Accounts: Default Accounts