Default Admin Username and Password on █████ Server at █████████mil

Disclosed: 2021-06-15 19:28:16 By the_boschko To deptofdefense
Critical
Vulnerability Details
**Description:** A ██████ Server is running at https://███mil. The login page is reachable at https://████mil/█████████, and the application is still using the default "Administrator for the default organization" credentials.

# POC

Go to https://███mil/████████ and log in with *█████* ██████████ ████ ████

## How to remediate the vulnerability

Change the password of the user or disable the account.

## References

█████
https://cwe.mitre.org/data/definitions/521.html

## EXTRA

If you have any questions or concerns regarding the above, let me know! Cheers,

## Impact

A Department of Defense website was misconfigured in a manner that may have allowed a malicious user to log in with the "Administrator for the default organization" account credentials.

## System Host(s)

████mil

## Affected Product(s) and Version(s)

## CVE Numbers

## Steps to Reproduce

Read the POC.

## Suggested Mitigation/Remediation Actions

Change the password of the user or disable the account.
Report Stats
  • Report ID: 1195325
  • State: Closed
  • Substate: resolved
  • Upvotes: 25