312-50V10 · Question #526
A hacker was able to easily gain access to a website. He was able to log in via the frontend user login form of the website using default or commonly used credentials. This exploitation is an example
The correct answer is B. Insufficient database hardening. Gaining access via default or commonly known credentials exploits insufficient database hardening, where factory-set or weak credentials were never removed or changed.
Question
A hacker was able to easily gain access to a website. He was able to log in via the frontend user login form of the website using default or commonly used credentials. This exploitation is an example of what Software design flaw?
Options
- AInsufficient security management
- BInsufficient database hardening
- CInsufficient input validation
- DInsufficient exception handling
How the community answered
(57 responses)- A2% (1)
- B89% (51)
- C2% (1)
- D7% (4)
Why each option
Gaining access via default or commonly known credentials exploits insufficient database hardening, where factory-set or weak credentials were never removed or changed.
Insufficient security management refers to a broader organizational failure in policies, governance, and oversight - not the specific technical failure of leaving default credentials active in a database or application.
Insufficient database hardening means the database or application back-end was not secured according to best practices, including changing default credentials, disabling default accounts, and enforcing strong password policies. Leaving default or well-known passwords in place allows an attacker to authenticate without needing to exploit any logic flaw or vulnerability in the application code itself.
Insufficient input validation describes the failure to sanitize user-supplied input to prevent injection attacks such as SQL injection or XSS, which is unrelated to authenticating with default credentials.
Insufficient exception handling refers to improper error management that may expose sensitive application details, not the vulnerability arising from unchanged default login credentials.
Concept tested: Database hardening and default credential vulnerabilities
Source: https://owasp.org/www-project-top-ten/
Topics
Community Discussion
No community discussion yet for this question.