NIST points out that developers ship system components with factory default authentication credentials to allow for initial installation and configuration. Default authentication credentials are often well known, easily discoverable, and present a significant security risk. (Source)
- CIRT.net – Default Password Database
Consolidation of default passwords for commercial software and hardware products.
- CyberAssist – Secure Configurations
- SANS Whitepaper – Vendor-Supplied Backdoor Passwords – A Continuing Vulnerability
This SANS whitepaper discusses vendor-supplied passwords that are embedded in software/hardware.
- US-CERT – Risks of Default Passwords on the Internet
US-CERT alert that reviews the risk associated with default passwords on internet-connected systems.
This document provides assessment guidance for Level 1 of the Cybersecurity Maturity Model Certification (CMMC).
This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 3 and Level 2.
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items.
This Handbook provides a step-by-step guide to assessing a small manufacturer’s information systems against the security requirements in NIST SP 800-171 rev 1.
The purpose of this publication is to provide procedures for assessing the CUI requirements in NIST Special Publication 800-171.
The scope of this test is to verify if it is possible to collect a set of valid usernames by interacting with the authentication mechanism of the application.
This link discusses the process of testing web applications for default credentials.