Misc/Default Credentials.md
| 1 | + | # Default Credentials |
| 2 | + | |
| 3 | + | ## Introduction |
| 4 | + | A Default Credential vulnerability is a type of vulnerability in a computing device that most commonly affects devices having some pre-set (default) administrative credentials to access all configuration settings. |
| 5 | + | |
| 6 | + | ## How to find |
| 7 | + | 1. Find out type of CMS / Software is used by the website you are testing, for example the website is using grafana |
| 8 | + | 2. Find the admin login |
| 9 | + | 3. Find the information about default credential using repositories below |
| 10 | + | |
| 11 | + | ## Useful Repositories |
| 12 | + | - [@ihebski](https://github.com/ihebski/DefaultCreds-cheat-sheet) |
| 13 | + | - [@many-passwords](https://github.com/many-passwords/many-passwords) |
| 14 | + | |
| 15 | + | ## References |
| 16 | + | - [OWASP 04-Authentication Testing](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Default_Credentials) |
| 17 | + | - [HackerOne #398797](https://hackerone.com/reports/398797) |
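Review bot: Step 1 under "How to find" (added line 7) is ungrammatical, and it talks about the CMS or software behind a website while the Introduction (added line 4) scopes the issue to "a computing device". Suggest rewording line 7 to "Find out what type of CMS / software the website you are testing uses, for example Grafana" and widening the definition in line 4 so it covers software and web applications as well as devices. Under "Useful Repositories" (added lines 12-13) the link text is the owner handle (@ihebski, @many-passwords) rather than the repository name, so a reader cannot tell what each link holds without following it; DefaultCreds-cheat-sheet and many-passwords would be clearer labels. The file also ends at finding the credential: a short section on what to report and how the owner fixes it (change or disable the default account) would round out the page alongside the OWASP reference in line 16.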