CWE-1392 Use of Default Credentials
Coverage: 5 rules in the SiteShadow rule registry target this CWE (registry v2.0.0). Regex 5 Also: Taint and heuristic analyzers may also detect related flows (see coverage for the authoritative list) Registry tagging shows intent, for sample-level behaviour and benchmarked gaps see known gaps.
What this means
SiteShadow flagged use of default credentials (factory usernames/passwords, "admin/admin", hardcoded initial passwords) that can be guessed or found in public documentation.
Why it matters
Default credentials are publicly known and commonly abused.
- Automated compromise: scanners routinely try default passwords.
- Instant admin access in many systems once defaults are found.
- Defaults often linger in staging and then drift into production.
Safer examples
1) Remove default creds and force setup on first run
Require the operator to set a strong password (or create a first user) during initialization.
2) Generate random initial secrets
If you need a bootstrap credential, generate it randomly and display it once, with rotation required.
3) Enforce policy + monitoring
- Block common passwords
- Rate-limit login
- Alert on repeated failed logins
How SiteShadow detects it (high level)
- Flags known default-credential strings and "first-run admin" patterns.
- Uses heuristic matching for "admin/password" pairs in configs and docs-like code.
References
- CWE-1392: https://cwe.mitre.org/data/definitions/1392.html
---
← Back to Vulnerability Library
Catch this with SiteShadow Pro.
This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.