  • ■ ■ ■ ■ ■ ■
    .github/FUNDING.yml
    1  -# These are supported funding model platforms
    2  -custom: paypal.me/md15ev
    3  - 
  • ■ ■ ■ ■ ■
    Misc/Default Credentials
    1  - 
  • ■ ■ ■ ■ ■ ■
    Misc/Default Credentials.md
     1 +# Default Credentials
     2 + 
     3 +## Introduction
     4 +A Default Credential vulnerability is a type of vulnerability in a computing device that most commonly affects devices having some pre-set (default) administrative credentials to access all configuration settings.
     5 + 
     6 +## How to find
     7 +1. Find out type of CMS / Software is used by the website you are testing, for example the website is using grafana
     8 +2. Find the admin login
     9 +3. Find the information about default credential using repositories below
     10 + 
     11 +## Useful Repositories
     12 +- [@ihebski](https://github.com/ihebski/DefaultCreds-cheat-sheet)
     13 +- [@many-passwords](https://github.com/many-passwords/many-passwords)
     14 + 
     15 +## References
     16 +- [OWASP 04-Authentication Testing](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Default_Credentials)
     17 +- [HackerOne #398797](https://hackerone.com/reports/398797)
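Review bot: In "How to find", step 1 ("Find out type of CMS / Software is used by the website you are testing, for example the website is using grafana") is missing a word and runs two clauses together; suggest "Find out what type of CMS / software the website you are testing uses, for example Grafana". Under "Useful Repositories", the link texts "@ihebski" and "@many-passwords" do not say what each repository is; the repository names from the URLs (DefaultCreds-cheat-sheet, many-passwords) would be clearer labels. The "HackerOne #398797" reference would also benefit from a few words on what the report shows. Finally, the page stops at looking up the credential and has no remediation section; a short one stating that pre-set administrative credentials should be changed or disabled before a device or application is exposed would complete the write-up.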