H3-2021-0012¶

Weak or Default Credentials - FTP

Description¶

Weak credentials include passwords that are easily obtained by password guessing, password spraying, or cracked using dictionary attacks. Default passwords are publicly known and obtainable by an attacker and provide immediate access to a system.

Impact¶

An attacker can openly maneuver throughout an environment and access information if a password is compromised.

References¶

• CWE-521: Weak Password Requirements
• MITRE ATT&CK Technique: T1110: Brute Force
• MITRE ATT&CK Technique: T1078.001: Valid Accounts: Default Accounts