WebLogic admin console weak credentials
Description
The WebLogic Administration Console is secured with weak, default, or easily guessable credentials. The scanner successfully authenticated to the console using common username and password combinations. Weak credentials include default vendor passwords, dictionary words, short passwords, or predictable patterns that can be compromised through automated brute-force attacks or credential stuffing.
Remediation
Immediately change the WebLogic Console credentials to strong, unique passwords. Implement the following security measures:
1. Change default credentials: Replace all default usernames (such as 'weblogic', 'system', 'admin') and passwords immediately after installation.
2. Enforce strong password policy: Require passwords that are at least 12 characters long and contain a mix of uppercase letters, lowercase letters, numbers, and special characters. Prohibit dictionary words, usernames, and common patterns.
3. Implement account lockout: Configure the WebLogic security realm to lock accounts after a specified number of failed login attempts to prevent brute-force attacks.
4. Enable multi-factor authentication (MFA): Where possible, implement MFA for console access to add an additional layer of security beyond passwords.
5. Restrict network access: Limit console access to trusted IP addresses or networks using firewall rules or WebLogic connection filters. Do not expose the administration console to the public internet.
6. Regular password rotation: Establish a policy requiring periodic password changes for administrative accounts.
7. Monitor and audit: Enable logging for all console access attempts and regularly review logs for suspicious activity.
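The policy in item 2 above, expressed as a checker that a deployment team can run against candidate console passwords. This is an added example, not anything WebLogic itself ships; the dictionary and default-name lists are constructed stand-ins, and it goes one step beyond the text by undoing common symbol-for-letter substitutions before the dictionary test.

```python
import re

MIN_LENGTH = 12

# Constructed lists for illustration only; a real deployment would load a
# full dictionary and its own inventory of account names instead.
DEFAULT_USERNAMES = {"weblogic", "system", "admin"}
DICTIONARY_WORDS = {"password", "welcome", "oracle", "summer", "secret", "letmein"}

# Predictable patterns: word plus trailing digits/symbols, repeated characters,
# ascending digit runs, keyboard walks.
COMMON_PATTERNS = [
    re.compile(r"^(password|welcome|weblogic|admin)\d*[!@#$]*$"),
    re.compile(r"(.)\1{2,}"),
    re.compile(r"0123|1234|2345|3456|4567|5678|6789"),
    re.compile(r"abcd|qwer|asdf|zxcv"),
]

# Undo the usual "leet" substitutions so P@ssw0rd still hits "password".
_LEET = str.maketrans("@01$3", "aolse")


def check_password(password: str, username: str) -> list[str]:
    """Return every policy violation found; an empty list means the password passes."""
    problems: list[str] = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    classes = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(not c.isalnum() for c in password),
    }
    for name, present in classes.items():
        if not present:
            problems.append(f"missing {name} character")

    lowered = password.lower()
    normalized = lowered.translate(_LEET)
    if username and username.lower() in lowered:
        problems.append("contains the username")
    for name in sorted(DEFAULT_USERNAMES):
        if name in normalized:
            problems.append(f"contains default account name '{name}'")
    for word in sorted(DICTIONARY_WORDS):
        if word in normalized:
            problems.append(f"contains dictionary word '{word}'")
    for pattern in COMMON_PATTERNS:
        if pattern.search(lowered):
            problems.append(f"matches common pattern {pattern.pattern!r}")
    return problems
```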