Default credentials haunt organizations. Whether they're used to gain access or escalate privileges, default credentials lurk in the corners most organizations. To combat this attack, organizations leverage commercial vulnerability scanners. However in my research, most commercial scanners fall short and can leave your organization vulnerable to attack while giving you a false sense of security.
This presentation will cover my research into the efficacy of commercial vulnerability scanners to detect default passwords and present my open source tool, changeme (https://github.com/ztgrace/changeme), for improving the detection of default credentials. I'll be releasing version 1.0 of changeme at DerbyCon.