During a post-deployment audit, a cybersecurity analyst logs in to an internal business application and notices that the administrative interface still accepts the factory-set username and password documented by the vendor. From the perspective of vulnerability classification, which type of weakness is being observed?
Leaving default credentials in place after installation exposes systems because attackers routinely harvest vendor documentation to obtain these well-known usernames and passwords. This lapse is a configuration issue rather than a flaw in code logic or memory handling. It illustrates the security misconfiguration category, which covers improperly set, maintained, or reviewed settings that weaken the system's defense posture.