CWE-1393: Use of Default Password

ID CWE-1393

Abstraction Base

Structure Simple

Status Incomplete

Number of CVEs 11

The product uses default passwords for potentially critical functionality.

It is common practice for products to be designed to use default passwords for authentication. The rationale is to simplify the manufacturing process or the system administrator's task of installation and deployment into an enterprise. However, if admins do not change the defaults, then it makes it easier for attackers to quickly bypass authentication across multiple organizations. There are many lists of default passwords and default-password scanning tools that are easily available from the World Wide Web.

Modes of Introduction

Phase	Note
Architecture and Design

Applicable Platforms

Type	Class	Name	Prevalence
Language	Not Language-Specific
Operating_system	Not OS-Specific
Architecture	Not Architecture-Specific
Technology	Not Technology-Specific
Technology	ICS/OT

Relationships

View			Weakness
# ID	View	Status	# ID	Name	Abstraction	Structure	Status
CWE-1000	Research Concepts	Draft	CWE-1392	Use of Default Credentials	Base	Simple	Incomplete

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date