Access to tomcat-manager with default creds
High
JetBlue
Reported by
doosec101
Vulnerability Details
Technical details and impact analysis
## Summary:
Hi JetBlue Security Team,
I found that this domain `█████████` is using Apache Tomcat/6.0.35, and I was able to log in to https://██████████/manager/html with the default credentials `tomcat:tomcat`.
See the following screenshots:
██████████
███
## Steps To Reproduce:
1. Go to https://███████/manager/html
2. Log in with the default creds `tomcat:tomcat`
## Supporting Material/References:
- https://book.hacktricks.xyz/pentesting/pentesting-web/tomcat
## Impact
Improper Authentication
Default credentials lead to access to the admin manager.
## Fix:
- Change default creds.
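
For the fix above, a defender can audit `conf/tomcat-users.xml` for accounts that hold a Manager role with a guessable password. The script below is an added example, not part of the original report; the weak-password set and the sample file are constructed assumptions, and digested (hashed) passwords are not evaluated.

```python
import xml.etree.ElementTree as ET

# Roles that grant access to the Manager application: "manager" on older
# Tomcat 6 releases, the split manager-* roles on 6.0.30 and later.
MANAGER_ROLES = {"manager", "manager-gui", "manager-script",
                 "manager-jmx", "manager-status"}
# Assumption: a small illustrative set of guessable passwords; extend locally.
WEAK_PASSWORDS = {"", "tomcat", "admin", "password", "changeit"}


def local(tag):
    """Strip an XML namespace, which newer tomcat-users.xml files declare."""
    return tag.rsplit("}", 1)[-1]


def audit_tomcat_users(xml_text):
    """Return (username, manager_roles, reason) for each risky account."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "user":
            continue
        # Older files use name= instead of username=.
        user = el.get("username") or el.get("name") or ""
        password = el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        granted = sorted(roles & MANAGER_ROLES)
        if not granted:
            continue  # account cannot reach /manager
        if password.lower() == user.lower():
            findings.append((user, granted, "password equals username"))
        elif password.lower() in WEAK_PASSWORDS:
            findings.append((user, granted, "well-known password"))
    return findings


# Constructed sample input, not taken from the reported host.
SAMPLE = """<?xml version="1.0"?>
<tomcat-users>
  <!-- <user username="old" password="old" roles="manager"/> -->
  <role rolename="manager-gui"/>
  <user username="tomcat" password="tomcat" roles="tomcat,manager-gui"/>
  <user username="deploy" password="Xk4-q9TzR7wLm2" roles="manager-script"/>
  <user username="role1" password="tomcat" roles="role1"/>
  <user username="ops" password="changeit" roles="manager"/>
</tomcat-users>"""

if __name__ == "__main__":
    for user, roles, reason in audit_tomcat_users(SAMPLE):
        print(f"{user}: {reason}; manager roles: {', '.join(roles)}")
```

Commented-out sample users are ignored by the parser, and accounts without a Manager role (such as `role1` in the sample) are not reported.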
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Improper Authentication - Generic