Platform
Solutions
Pricing
Why Invicti
Resources Library
Get a demo
Home
/
Web Application Vulnerabilities
/ Default Credentials
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
Default Credentials
This page lists
33 vulnerabilities
in this category.
Critical: 1
High: 18
Medium: 12
Low: 1
Information: 1
Vulnerability Name
CVE
CWE
Severity
ASP.NET ViewState Weak Validation Key
-
CWE-321
Critical
Weak Secret is Used to Sign JWT
-
CWE-345
High
Unrestricted access to Haproxy Data Plane API
-
CWE-200
High
Apache Airflow default credentials
-
CWE-798
High
RethinkDB administrative interface publicly exposed
-
CWE-200
High
SonarQube default credentials
-
CWE-798
High
Apache Tapestry weak secret key
-
CWE-693
High
Ruby framework weak secret key
-
CWE-693
High
Oracle PeopleSoft SSO weak secret key
-
CWE-693
High
PrimeFaces 5.x Expression Language injection
CVE-2017-1000486
-
High
Oracle Business Intelligence default administrative credentials
-
-
High
phpLiteAdmin default password
-
CWE-200
High
BottlePy weak secret key
-
CWE-693
High
Ruby on Rails weak/known secret token
CVE-2013-0156
CWE-200
High
Apache Geronimo default administrative credentials
-
CWE-693
High
OSGi Management Console Default Credentials
-
CWE-521
High
Apache ActiveMQ default administrative credentials
-
-
High
Apache Shiro Deserialization RCE
CVE-2016-4437
CWE-78
High
Apache Tomcat insecure default administrative password
CVE-2009-3548
CWE-284
High
Laravel framework weak secret key
-
CWE-693
Medium
Apache APISIX default token (CVE-2020-13945/CVE-2022-24112)
CVE-2022-24112
CWE-259
Medium
Pyramid framework weak secret key
-
CWE-693
Medium
Play framework weak secret key
-
CWE-693
Medium
Django weak secret key
-
CWE-693
Medium
Yii2 weak secret key
-
CWE-693
Medium
Web2py weak secret key
-
CWE-693
Medium
Express cookie-session weak secret key
-
CWE-693
Medium
Tornado weak secret key
-
CWE-693
Medium
Mojolicious weak secret key
-
CWE-693
Medium
Flask weak secret key
-
CWE-693
Medium
Cookie signed with weak secret key
-
CWE-693
Medium
WordPress default administrator account
-
CWE-16
Low
Express express-session weak secret key
-
CWE-693
Information
