Task 19: [Severity 6] Security Misconfiguration
It include:
- Poorly configured permissions on cloud services, like S3 buckets
- Having unnecessary features enabled, like services, pages, accounts or privileges
- Default accounts with unchanged passwords
- Error messages that are overly detailed and allow an attacker to find out more about the system
- Not using HTTP security headers, or revealing too much detail in the Server: HTTP header
Try default credentials like admin:password; admin:admin; administrator:password, etc. None of them works.
Try searching for default credentials for pensive notes application on google.
use pensive: PensiveNotes to login.
