Sensitive Data: Apache Tomcat Manager Default Login¶
Identifier:
tomcat_default_login
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description¶
Apache Tomcat Manager interface may be accessible with default credentials, allowing unauthorized access to web application management functions and potentially enabling deployment of malicious applications.
How we test: We attempt to authenticate to the Apache Tomcat Manager interface using common default username and password combinations across multiple variations. If authentication succeeds, we report the vulnerability.
Reference:
- https://www.rapid7.com/db/vulnerabilities/apache-tomcat-default-ovwebusr-password/
- https://github.com/danielmiessler/SecLists/blob/master/Passwords/Default-Credentials/tomcat-betterdefaultpasslist.txt
Configuration¶
Example¶
Example configuration:
Reference¶
skip¶
Type : boolean
Skip the test if true.