Extended Description
Prohibit use of default, hard-coded, or other values that do not vary for each installation of the product - especially for separate organizations. Effectiveness: High
Ensure that product documentation clearly emphasizes the presence of default passwords and provides steps for the administrator to change them. Effectiveness: Limited
Force the administrator to change the credential upon installation. Effectiveness: High
The product administrator could change the defaults upon installation or during operation. Effectiveness: Moderate
No detection method information available for this CWE.
No examples or observed CVEs available for this CWE.
No relationship information available for this CWE.
CWE-1393: CWE-1393: Use of Default Password is a Common Weakness Enumeration (CWE) entry maintained by MITRE. Description Extended Description
If exploited, CWE-1393 (CWE-1393: Use of Default Password) it can compromise Gain Privileges or Assume Identity, leading to outcomes such as Scope: Authentication.
Recommended mitigations for CWE-1393 include: Prohibit use of default, hard-coded, or other values that do not vary for each installation of the product - especially for separate organizations. Effectiveness: High Ensure that product documentation clearly emphasizes the presence of default passwords and provides steps for the administrator to change them. Effectiveness: Limited Force the administrator to change the credential upon installation. Effectiveness: High
CWE-1393 commonly affects Languages. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
A CWE (Common Weakness Enumeration) like CWE-1393 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.