GlassFish admin console weak credentials

Description

The GlassFish Admin Console is protected with weak or default credentials. Acunetix WVS was able to guess the username and password required to access this page. A weak password is short, common, a system default, or something that could be rapidly guessed by executing a brute force attack using a subset of all possible passwords, such as words in the dictionary, proper names, words based on the user name or common variations on these themes.

Remediation

Enforce a strong password policy. Don't permit weak passwords or passwords based on dictionary words.
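A sketch of a policy check that rejects the kinds of weak password listed in the description (short, common, dictionary-based, derived from the user name, or a common variation of these). This is an added example, not Acunetix or GlassFish code; the deny list is a constructed sample and the 12-character minimum is an assumed policy value.

```python
import re

# Constructed sample deny list; a real deployment loads a large dictionary
# and breached-password list instead.
DENY_WORDS = {"password", "admin", "changeit", "letmein", "welcome", "qwerty"}
MIN_LENGTH = 12  # assumed policy value, not taken from the page

# Undo common character substitutions so "P@ssw0rd" compares as "password".
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})

# Matches strings built only from deny-list words, e.g. "adminadmin".
DICT_ONLY = re.compile("(?:" + "|".join(map(re.escape, DENY_WORDS)) + ")+")


def candidate_forms(password):
    """Return normalized forms of the password used for comparison."""
    lowered = password.lower()
    stripped = re.sub(r"[^a-z]+$", "", lowered)  # drop appended digits/symbols
    return {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}


def weakness_reasons(username, password):
    """Return the list of policy violations; an empty list means accepted."""
    reasons = []
    forms = candidate_forms(password)
    user = username.lower()
    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    if any(DICT_ONLY.fullmatch(form) for form in forms):
        reasons.append("common_or_dictionary")
    if len(user) >= 3 and any(user in f or user[::-1] in f for f in forms):
        reasons.append("based_on_username")
    return reasons
```

Call `weakness_reasons()` wherever an administrator password is set or changed, and refuse the change when the returned list is not empty.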

Tags
  • Information Disclosure
  • Configuration
  • Weak Credentials