041 – Enabled default credentials

Description

It is possible to use low-strength, default credentials to access system resources, such as the database.

Impact

Obtain unauthorized access to resources or services with public credentials

Recommendation

Eliminate the credentials from the storage manager to avoid login attempts with those.

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

15 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: A
• Attack complexity: L
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): H
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: X

Requirements

• 142 - Change system default credentials

Fixes

• Csharp
• Elixir
• Go
• Java
• Python
• Ruby
• Scala
• Typescript

Last updated

2024/02/08