Description
Cytrix has detected a potential Default Login in your site.
Many web applications and hardware devices have default passwords for the built-in administrative accounts and to the holders of such other positions.
Expressed in common and low-strength passwords or usernames. Possibly, passwords like: ‘password’, ‘pass1234’, ‘admin’ and so on.
Although in some cases these can be randomly generated, they are often static, meaning that they can be easily guessed or obtained by an attacker.
This means that if a remote attacker gains access, they will be able to access administrative accounts.
This will give them the option to perform operations that require administrator privileges, such as editing and deleting users and files, extracting information, etc.
Recommendation
These could either be generated automatically by the application, or manually created by staff.
First of all, to prevent Default Login, make sure that there are no passwords or usernames of a weak nature on your site.
When a user is created, he must be required that his password meet advanced criteria to strengthen the password. Criteria such as an uppercase and lowercase letters, the length of the password, special characters, etc.
