Access Control: Default SSH Credentials

Identifier: ssh_default_credentials

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

SSH servers configured with default credentials are vulnerable to unauthorized access, which can lead to complete system compromise.

How we test: We attempt to authenticate to SSH servers using common default username and password combinations. If authentication succeeds with default credentials, we report the vulnerability as it indicates a serious security misconfiguration.
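A host-side check that complements this test, as an added example that is not part of the scanner or the original page: it reads the effective OpenSSH server configuration, as printed by `sshd -T`, and reports settings that leave password logins reachable, which is the precondition for this finding. The two sample inputs and the function names are constructed for illustration.

```python
"""Flag sshd settings that leave password logins (and so default credentials) reachable."""

# Constructed sample of `sshd -T` output: lowercase "key value" lines.
WEAK_SSHD_T = """\
port 22
permitrootlogin yes
passwordauthentication yes
kbdinteractiveauthentication no
permitemptypasswords no
"""

# Constructed sample of a key-only configuration, for comparison.
HARDENED_SSHD_T = """\
port 22
permitrootlogin prohibit-password
passwordauthentication no
kbdinteractiveauthentication no
permitemptypasswords no
"""

def parse_effective_config(text):
    """Parse `sshd -T` style output into {key: value}, keeping the first value per key."""
    cfg = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key and not key.startswith("#"):
            cfg.setdefault(key.lower(), value.strip().lower())
    return cfg

def password_login_findings(cfg):
    """Return a list of findings; an empty list means no password path was found."""
    findings = []
    # Fallbacks are the OpenSSH defaults, used only if a key is missing from the input.
    password = cfg.get("passwordauthentication", "yes") == "yes"
    kbdint = cfg.get("kbdinteractiveauthentication", "yes") == "yes"
    if password:
        findings.append("passwordauthentication is enabled")
    if kbdint:
        findings.append("kbdinteractiveauthentication is enabled (PAM may accept passwords)")
    if (password or kbdint) and cfg.get("permitrootlogin", "prohibit-password") == "yes":
        findings.append("root may log in with a password")
    if cfg.get("permitemptypasswords", "no") == "yes":
        findings.append("empty passwords are permitted")
    return findings

if __name__ == "__main__":
    for name, sample in (("weak", WEAK_SSHD_T), ("hardened", HARDENED_SSHD_T)):
        print(name, password_login_findings(parse_effective_config(sample)))
```

On a real host, feed it the output of `sshd -T`; `Match` blocks are only applied to that output when connection parameters are supplied with `-C`.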

Configuration

Example

Example configuration:

---
security_tests:
  ssh_default_credentials:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.