Detections
Analytics
Default Credentials
Description
Adversaries may leverage manufacturer or supplier set default credentials on control system devices. These default credentials may have administrative permissions and may be necessary for initial configuration of the device. It is general best practice to change the passwords for these accounts as soon as possible, but some manufacturers may have devices that have passwords or usernames that cannot be changed.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Vulnerability Management | Computer | Active vulnerabilities detected by Tenable Vulnerability Management plugins | ||||
| Tenable OT Security | OT Device | Active vulnerabilities detected by detected by Tenable OT Security plugins |
Attack Path Technique Details
Framework: MITRE ATT&CK
Family: Lateral Movement
Technique: Default Credentials
Sub-Technique: Default Credentials
Platform: None
Products Required: Tenable Vulnerability Management and Tenable OT Security
Tenable Release Date: 2024 Q2