Sensitive Data: Grafana Default Login¶

Identifier: grafana_default_login

Scanner(s) Support¶

Description¶

Grafana monitoring dashboard may be accessible with default admin credentials, allowing unauthorized access to dashboards, data sources, and administrative functions.

How we test: We attempt to authenticate to the Grafana login endpoint using common default username and password combinations. If authentication succeeds, we report the vulnerability.

Reference:

• https://grafana.com/docs/grafana/latest/administration/configuration/#disable_brute_force_login_protection
• https://stackoverflow.com/questions/54039604/what-is-the-default-username-and-password-for-grafana-login-page
• https://github.com/grafana/grafana/issues/14755

Configuration¶

Example¶

Example configuration:

---
security_tests:
  grafana_default_login:
    skip: false

Reference¶

skip¶

Type : boolean

Skip the test if true.