Vendor-Supplied Defaults, System Passwords, and Security Parameters
Vendor-supplied default passwords, or default passwords by any margin, are the cause of multiple security vulnerabilities in an organization. System components like servers, network devices, etc., have default credentials and default security parameters. These default credentials are known publicly, as the component vendor publishes them along with default security parameters. These configurations are meant to be changed by an organization upon deployment. However, often these configurations are not changed, and attackers are able to execute powerful attacks against these components and, consequently, the organization and its cardholder-data environment. ...