Insecure Defaults

What and how

Insecure defaults is a security weakness where a system, application, or device ships with default configurations, settings, or credentials that are not secure. This often includes:

  • Default usernames and passwords (e.g., admin/admin, root/root) left unchanged.

  • Unrestricted services or ports enabled by default.

  • Overly permissive access controls that grant users or processes more privileges than necessary.

  • Weak cryptographic settings (e.g., supporting outdated protocols like SSLv2, weak ciphers).

  • Unnecessary features enabled, increasing the attack surface.

Search for hardcoded credentials, API keys, or other information that the product ships with by default and that can be useful to us.
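As an added example (not part of the original page), the following Python script audits a service configuration for each class of insecure default listed above: unchanged default credentials, an unauthenticated service bound to all interfaces, a wildcard ACL granting admin rights, weak TLS protocols or ciphers, and unnecessary features left enabled. The configuration shape, the credential list and the product settings are constructed for illustration; a shipped default and the same service after hardening are both run through the audit so the difference is visible.

```python
"""Audit a service configuration for the insecure-default classes listed above.

All configuration keys, default-credential pairs and sample configs are
constructed for this example; they do not describe a specific product.
"""

# Well-known vendor default credential pairs (illustrative subset).
DEFAULT_CREDENTIALS = {
    ("admin", "admin"), ("root", "root"), ("admin", "password"), ("admin", ""),
}

# Protocol versions and cipher markers that should not be enabled.
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_MARKERS = ("RC4", "DES", "NULL", "EXPORT", "MD5")

# Features that enlarge the attack surface when left on in production.
RISKY_FEATURES = {"debug_console", "remote_management", "telnet", "directory_listing"}


def audit_config(config):
    """Return a list of (severity, message) findings for one config dict."""
    findings = []

    # 1. Default usernames and passwords left unchanged.
    for user in config.get("users", []):
        pair = (user.get("name", ""), user.get("password", ""))
        if pair in DEFAULT_CREDENTIALS:
            findings.append(("HIGH", f"default credential for user '{pair[0]}'"))

    # 2. Service reachable on all interfaces with no authentication required.
    listen = config.get("listen", {})
    if listen.get("bind", "") in ("0.0.0.0", "::") and not listen.get("auth_required", True):
        findings.append(("HIGH", f"unauthenticated service exposed on port {listen.get('port')}"))

    # 3. Overly permissive access control: any principal gets admin.
    for rule in config.get("acl", []):
        if rule.get("principal") == "*" and "admin" in rule.get("permissions", []):
            findings.append(("HIGH", "wildcard principal granted admin permission"))

    # 4. Weak cryptographic settings.
    tls = config.get("tls", {})
    for proto in tls.get("protocols", []):
        if proto in WEAK_PROTOCOLS:
            findings.append(("MEDIUM", f"weak protocol enabled: {proto}"))
    for cipher in tls.get("ciphers", []):
        if any(marker in cipher.upper() for marker in WEAK_CIPHER_MARKERS):
            findings.append(("MEDIUM", f"weak cipher enabled: {cipher}"))

    # 5. Unnecessary features enabled by default.
    for feature, enabled in config.get("features", {}).items():
        if enabled and feature in RISKY_FEATURES:
            findings.append(("LOW", f"unnecessary feature enabled: {feature}"))

    return findings


# Constructed: what a hypothetical appliance ships with out of the box.
SHIPPED_DEFAULT = {
    "users": [{"name": "admin", "password": "admin"}],
    "listen": {"bind": "0.0.0.0", "port": 8080, "auth_required": False},
    "acl": [{"principal": "*", "permissions": ["read", "admin"]}],
    "tls": {
        "protocols": ["SSLv3", "TLSv1.2", "TLSv1.3"],
        "ciphers": ["RC4-SHA", "ECDHE-RSA-AES128-GCM-SHA256"],
    },
    "features": {"debug_console": True, "telnet": True, "https": True},
}

# Constructed: the same appliance after hardening (password set at first boot).
HARDENED = {
    "users": [{"name": "admin", "password": "<set at first boot>"}],
    "listen": {"bind": "127.0.0.1", "port": 8080, "auth_required": True},
    "acl": [{"principal": "ops-team", "permissions": ["read", "admin"]}],
    "tls": {
        "protocols": ["TLSv1.2", "TLSv1.3"],
        "ciphers": ["ECDHE-RSA-AES128-GCM-SHA256"],
    },
    "features": {"debug_console": False, "telnet": False, "https": True},
}

if __name__ == "__main__":
    for label, cfg in (("shipped default", SHIPPED_DEFAULT), ("hardened", HARDENED)):
        results = audit_config(cfg)
        print(f"{label}: {len(results)} finding(s)")
        for severity, message in results:
            print(f"  [{severity}] {message}")
```

Running the script reports seven findings for the shipped default and none for the hardened configuration. The check is deliberately data-driven: extending `DEFAULT_CREDENTIALS`, `WEAK_PROTOCOLS` or `RISKY_FEATURES` is how a team encodes its own baseline once it knows which defaults its products actually ship with.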
