Rapid7 Vulnerability & Exploit Database

Web form contains password fields with default values

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: 11/01/2004
Created: 07/25/2018
Added: 11/01/2004
Modified: 06/20/2013

Description

A web form contains password fields that have default values. Best practices dictate that password fields should never have default values, because a default value could allow attackers to guess passwords on the site.

Solution(s)

  • http-generic-remove-password-field-defaults
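
A check for the condition described above, written as an added example (it is not Rapid7's scanner code): it parses served HTML and reports every password input that carries a non-empty value attribute, so the defaults can be removed. The sample markup, the class name PasswordDefaultFinder and the function name find_password_defaults are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample page: one prefilled password field, two without a default.
SAMPLE_HTML = """
<form action="/login" method="post">
  <input type="text" name="user" value="admin">
  <input type="PASSWORD" name="pass" value="changeme">
</form>
<form action="/register" method="post">
  <input type="password" name="new_pass" value="">
  <input type="password" name="confirm">
</form>
"""

class PasswordDefaultFinder(HTMLParser):
    """Collects password inputs whose value attribute is non-empty."""

    def __init__(self):
        super().__init__()
        self.form_action = None   # action of the enclosing <form>, if any
        self.findings = []        # (form action, field name, line number)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # HTMLParser already lower-cases tag and attribute names
        if tag == "form":
            self.form_action = attrs.get("action", "")
        elif tag == "input" and (attrs.get("type") or "").strip().lower() == "password":
            # A missing (None) or empty value means no default is served.
            if attrs.get("value"):
                line, _ = self.getpos()
                self.findings.append((self.form_action, attrs.get("name"), line))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_action = None

def find_password_defaults(html):
    """Return one finding per password field that ships with a default value."""
    finder = PasswordDefaultFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for action, name, line in find_password_defaults(SAMPLE_HTML):
        # Report the location only; the default value itself is never logged.
        print(f"line {line}: password field {name!r} in form {action!r} has a default value")
```

The check sees only the HTML as served; a value filled in later by client-side script would need a rendered-DOM check instead.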
