Sensitive Data: Jenkins Default Login

Identifier: jenkins_weak_password

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

Jenkins instances configured with default admin:admin credentials are vulnerable to unauthorized access, potentially allowing attackers to gain control over the Jenkins instance.

How we test: We test for default Jenkins login credentials by attempting to authenticate using the admin:admin combination and analyzing responses to detect if default credentials are still in use.
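A self-audit version of the check described above, for a Jenkins controller you operate. It is an added example, not the scanner's own code. It assumes the instance exposes Jenkins' `/whoAmI/api/json` endpoint and accepts HTTP Basic authentication; the function and verdict names are made up for this example.

```python
import base64
import json
import urllib.error
import urllib.request

DEFAULT_USER, DEFAULT_PASSWORD = "admin", "admin"  # the pair this test checks


def classify(status, body):
    """Map one HTTP response to a verdict for the default-credential check."""
    if status == 401:
        return "rejected"        # credentials refused: the safe result
    if status != 200:
        return "inconclusive"    # proxy error, WAF block, outage, ...
    try:
        who = json.loads(body)
    except ValueError:
        return "inconclusive"    # 200 but not JSON, e.g. an SSO login page
    # Anonymous read access can also produce a 200, so only report a finding
    # when the response names the account we tried to authenticate as.
    if (isinstance(who, dict) and who.get("authenticated")
            and not who.get("anonymous") and who.get("name") == DEFAULT_USER):
        return "default-credentials-accepted"
    return "inconclusive"


def check_own_jenkins(base_url, timeout=5):
    """Send a single Basic-auth request to a Jenkins controller you operate."""
    pair = f"{DEFAULT_USER}:{DEFAULT_PASSWORD}".encode()
    req = urllib.request.Request(
        base_url.rstrip("/") + "/whoAmI/api/json",  # assumed endpoint
        headers={"Authorization": "Basic " + base64.b64encode(pair).decode()},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return classify(err.code, b"")
    except (urllib.error.URLError, OSError):
        return "inconclusive"    # unreachable host, TLS failure, timeout
```

A `default-credentials-accepted` verdict means the admin password should be changed before anything else; `inconclusive` means the response did not prove either outcome and needs a manual look.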

Configuration

Example

Example configuration:

---
security_tests:
  jenkins_weak_password:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.