Sensitive Data: Apache Tomcat Manager Default Login¶

Identifier: tomcat_default_login

Scanner(s) Support¶

Description¶

Apache Tomcat Manager default login credentials were discovered. This template checks for multiple variations.

Reference:

• https://www.rapid7.com/db/vulnerabilities/apache-tomcat-default-ovwebusr-password/
• https://github.com/danielmiessler/SecLists/blob/master/Passwords/Default-Credentials/tomcat-betterdefaultpasslist.txt

Configuration¶

Example¶

Example configuration:

---
security_tests:
  tomcat_default_login:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference¶

assets_allowed¶

Type : List[AssetType]*

List of assets that this check will cover.

skip¶

Type : boolean

Skip the test if true.