Chapter 9

Requirement 2

Vendor-Supplied Defaults, System Passwords, and Security Parameters

Vendor-supplied default passwords, and default passwords of any kind, are the cause of multiple security vulnerabilities in an organization. System components such as servers and network devices have default credentials and default security parameters. These default credentials are publicly known, because the component vendor publishes them along with the default security parameters. An organization is meant to change these configurations upon deployment. Often, however, they are not changed, and attackers are able to execute powerful attacks against these components and, consequently, against the organization and its cardholder-data environment. ...
