Sensitive Data: GLPI Default Login¶

Identifier: glpi_default_login

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner	ASM Scanner

Description¶

GLPI IT service management platform may be accessible with default credentials, allowing unauthorized access to IT asset management, ticketing system, and administrative functions.

How we test: We attempt to authenticate to the GLPI interface using common default username and password combinations, including the default super admin account (glpi/glpi). If authentication succeeds, we report the vulnerability.

Reference:

https://glpi-project.org/

Configuration¶

Example¶

Example configuration:

---
security_tests:
  glpi_default_login:
    skip: false

Reference¶

`skip`¶

Type : boolean

Skip the test if true.