Chapter 9

Requirement 2

Vendor-Supplied Defaults, System Passwords, and Security Parameters

Vendor-supplied default passwords, or default passwords of any kind, are the cause of multiple security vulnerabilities in an organization. System components such as servers and network devices ship with default credentials and default security parameters. These default credentials are publicly known, because the component vendor publishes them along with the default security parameters. An organization is meant to change these configurations upon deployment. Often, however, they are left unchanged, and attackers are able to execute powerful attacks against these components and, consequently, against the organization and its cardholder-data environment. ...
