Profile Applicability:

  • Level 1

Description:

Changing the default administrator login names and passwords for applications is an essential security measure. Default credentials are often well-known and can be easily exploited by attackers. Ensuring that these credentials are customized reduces the risk of unauthorized access to your applications.

Rationale:

Default usernames and passwords are often publicly known and commonly targeted by attackers. Changing these to unique, strong credentials minimizes the risk of unauthorized access and helps to secure the application from potential breaches. This practice is critical for preventing unauthorized administrative access and maintaining the confidentiality and integrity of the system.

Impact:

Pros:

  • Enhanced Security: Prevents attackers from exploiting default credentials to gain unauthorized access.

  • Reduced Risk of Data Breaches: Protects against unauthorized access that could lead to data theft or loss.

  • Improved Compliance: Changing default credentials is often a requirement for security compliance frameworks such as SOC 2, ISO 27001, and HIPAA.

Cons:

  • Initial Configuration: Requires time and effort to identify and change the default credentials for each application.

  • Ongoing Management: Admin credentials need to be carefully managed and documented to avoid being lost or forgotten.

  • Potential for Misconfiguration: If credentials are not changed properly, access issues may occur that can hinder application functionality.

Default Value:

By default, many applications come with preset administrative usernames and passwords. These defaults need to be changed to secure, strong, and unique credentials.

Pre-requisites:

  • Administrative access to the application or system.

  • A secure process to document and store new usernames and passwords.

  • Sufficient permissions to change the login credentials within the application or operating system.

Remediation:

Test Plan:

Using AWS Console:

  1. Log in to the application using the default administrator credentials.

  2. Navigate to the User Management or Settings section of the application.

  3. Find the Admin or Administrator Account settings.

  4. Change the username and password to strong, unique values. Ensure that the new credentials meet security requirements (e.g., minimum length, complexity).

  5. Save the new credentials and log out of the application.

  6. Log in again using the new administrator credentials to ensure that the change was successful.

  7. Repeat this process for each application with default credentials.

Using AWS CLI:

  1. Identify the default username and password stored in the application’s configuration files or database.

  2. Use the appropriate command to change the administrator login name and password.

     sudo usermod -l new_admin_username old_admin_username
     sudo passwd new_admin_username

Implementation Plan:

Using AWS Console:

  1. Log in to the application using the default administrator credentials.

  2. Navigate to the User Management or Settings section and locate the Admin settings.

  3. Change the default username and password to a unique, strong set of credentials that meet your security policies.

  4. Save and confirm the changes.

  5. Test the login functionality with the new credentials.

  6. If the application is used by multiple administrators, ensure that the new credentials are securely communicated to the authorized personnel.

Using AWS CLI:

  1. Access the system or application configuration files where the default credentials are stored.

  2. Change the default administrator username and password to strong and unique values.

  3. Restart the application or system to apply the new credentials.

  4. Test the application to ensure the new credentials are working as expected.
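The two CLI steps above (the Test Plan's usermod/passwd commands and the Implementation Plan's "change, then test" sequence) leave the verification to a manual login. The following shell script is an added example, not part of the benchmark text: it wraps the rename commands in a root-only helper and adds an audit function that scans a passwd(5)-format file for administrator accounts still using a well-known default login name, which is the evidence a reviewer needs to confirm the change was actually made. The list of default login names and the sample passwd file are constructed for this example; the benchmark names no specific accounts, so adapt the list to the applications in scope.

```shell
#!/bin/sh
# Added example, not part of the benchmark text. Audits a passwd(5)-format
# file for administrator accounts that still carry a default login name.

# Constructed list of login names treated as defaults (assumption: adapt to
# the applications being assessed).
DEFAULT_ADMIN_LOGINS="admin administrator"

# find_default_admin_logins FILE
# Prints, one per line, every login name in FILE that is in
# DEFAULT_ADMIN_LOGINS. Only the first colon-separated field (the login name)
# is compared; blank lines and comments are skipped.
find_default_admin_logins() {
    file="$1"
    while IFS=: read -r login _rest; do
        case "$login" in
            ''|\#*) continue ;;
        esac
        for d in $DEFAULT_ADMIN_LOGINS; do
            if [ "$login" = "$d" ]; then
                printf '%s\n' "$login"
            fi
        done
    done < "$file"
}

# default_admins_changed FILE
# Returns 0 (pass) when no default login name remains in FILE, 1 (fail)
# otherwise. This is the check behind step 4, "Test the application".
default_admins_changed() {
    [ -z "$(find_default_admin_logins "$1")" ]
}

# rename_admin_login OLD NEW
# Wraps the two commands from the Test Plan. Refuses to run unless root, so
# the audit functions above stay usable by an unprivileged reviewer.
rename_admin_login() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "rename_admin_login: must be run as root" >&2
        return 1
    fi
    usermod -l "$2" "$1" && passwd "$2"
}

# Constructed sample passwd file for a stand-alone run (not a real system
# file). The "admin" entry is the finding the audit should report.
SAMPLE_PASSWD="$(mktemp)"
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/sh
admin:x:1000:1000:Default Admin:/home/admin:/bin/sh
ops_lead:x:1001:1001:Ops Lead:/home/ops_lead:/bin/sh
EOF

if default_admins_changed "$SAMPLE_PASSWD"; then
    echo "PASS: no default administrator login names found"
else
    echo "FAIL: default administrator login names still present:"
    find_default_admin_logins "$SAMPLE_PASSWD"
fi
```

Point `default_admins_changed` at the system's own /etc/passwd (or an exported copy from the application's user store, converted to the same colon-separated layout) to turn the manual "log in again" step into a repeatable audit; a non-zero exit is a finding against this recommendation.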

Backout Plan:

Using AWS Console:

  1. If issues arise with the new credentials, revert to the default username and password, if still accessible.

  2. If not, use backup credentials or system-level access to reset the username and password.

  3. Verify that the application is functioning as expected after reverting the changes.

Using AWS CLI:

  1. If the new credentials cause login issues, restore the original administrator username and password from system backups or configuration files.

  2. Test the login functionality to ensure that the application is accessible with the original credentials.

  3. If backups are unavailable, use recovery mechanisms (e.g., root access or safe mode) to reset the credentials.

References:

CIS Controls:

  Version   Control ID   Control Description
  v8        4.2          Ensure that default administrator passwords and usernames are changed to unique, strong credentials.
  v7        5.3          Enforce strong password policies to mitigate unauthorized access through default credentials.