Description

This web application is configured to use default or weak credentials.

Acunetix was able to guess the credentials required to access this page. A weak password is short, common, a system default, or something that could be rapidly guessed by executing a brute force attack using a subset of all possible passwords, such as words in the dictionary, proper names, words based on the user name or common variations on these themes.

Remediation

Change credentials for this web application. Enforce a strong password policy. Don't permit weak passwords or passwords based on dictionary words.

References

Wikipedia - Password strength

Authentication Hacking Attacks

Related Vulnerabilities

WordPress 6.3.x Multiple Vulnerabilities (6.3 - 6.3.1)

WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Disclosure (1.0.4)

WordPress Plugin Yoast SEO Information Disclosure (3.2.4)

WordPress Plugin UserPro-Community and User Profile Multiple Vulnerabilities (5.1.1)

WordPress Plugin WP Easy full backup Information Disclosure (1.4)

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration Weak Credentials Bruteforce Possible