Sensitive Data: GitLab Default Login
Identifier: `gitlab_weak_login`
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
GitLab instances configured with default login credentials are vulnerable to unauthorized access, potentially allowing attackers to gain control over the GitLab instance.
How we test: We test for default GitLab login credentials by attempting to authenticate using common default username and password combinations and analyzing responses to detect if default credentials are still in use.
Reference:
- https://twitter.com/0xmahmoudJo0/status/1467394090685943809
- https://git-scm.com/book/en/v2/Git-on-the-Server-GitLab
Configuration
Example
Example configuration:
Reference
skip
Type: boolean
Skip the test if true.