Access Control: Default Credentials Used
Identifier: default_credentials_used
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
Services configured with default or anonymous credentials expose data to unauthorized users and can be used as a pivot for lateral movement.
How we test: For each detected technology exposing an authentication endpoint (e.g. FTP, SSH, databases), we attempt to authenticate using common default username/password pairs and known anonymous accounts. If authentication succeeds, we report the vulnerability.
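The same check can be run from the defender's side without touching any service. This added example (not the scanner's own code) audits an account inventory for the default pairs and anonymous accounts described above. The record format, the defaults table and the sample entries are constructed for illustration.

```python
"""Offline audit: flag inventory accounts that still use default or anonymous credentials."""

# Constructed, illustrative defaults per technology; extend from vendor documentation.
DEFAULT_PAIRS = {
    "ftp": {("admin", "admin"), ("ftp", "ftp")},
    "ssh": {("root", "root"), ("admin", "admin")},
    "postgresql": {("postgres", "postgres")},
    "mysql": {("root", "")},
}
ANONYMOUS_USERS = {"ftp": {"anonymous"}}


def audit(inventory):
    """Return a list of (host, technology, username, reason) for risky accounts."""
    findings = []
    for entry in inventory:
        tech = entry["technology"].strip().lower()  # technology names compared case-insensitively
        user = entry["username"].strip()            # usernames stay case-sensitive
        password = entry.get("password") or ""      # a missing password counts as empty
        if user in ANONYMOUS_USERS.get(tech, set()):
            reason = "anonymous account enabled"
        elif (user, password) in DEFAULT_PAIRS.get(tech, set()):
            reason = "default username/password pair"
        elif password == "":
            reason = "empty password"
        else:
            continue
        findings.append((entry["host"], tech, user, reason))
    return findings


# Constructed sample inventory (hosts use the RFC 5737 documentation range).
SAMPLE_INVENTORY = [
    {"host": "192.0.2.10", "technology": "FTP", "username": "anonymous", "password": ""},
    {"host": "192.0.2.11", "technology": "PostgreSQL", "username": "postgres", "password": "postgres"},
    {"host": "192.0.2.12", "technology": "SSH", "username": "deploy", "password": "k7#Vq!x2Lp"},
    {"host": "192.0.2.13", "technology": "MySQL", "username": "root", "password": None},
    {"host": "192.0.2.14", "technology": "SSH", "username": "backup", "password": ""},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(*finding, sep="\t")
```

Every account the audit flags should have its credential rotated or the account disabled before the service is exposed.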
Configuration
Example
Example configuration:
Reference
skip
Type: boolean
Skip the test if true.