Skip to content

Generic Username / Password

Service Name: Generic Authentication

Service Description: Generic username and password combinations are basic authentication credentials used across various services, applications, and systems. They represent the most common form of authentication where a user identifier (username) is paired with a secret (password) to verify identity.

Service Address: Not applicable (used across multiple services)

Validation Type: API Auth

IP Allow list: Does not exist at the credential level, but may be implemented at the service level depending on the specific application.

Secret Access Scope: Grants access to the specific service or application where the credentials are valid. The scope of access depends entirely on the permissions assigned to the user account.

Secret Revokement URL: Does not exist (depends on the specific service)

Secret Example: username: admin_user123 / password: P@ssw0rd!2023

Suspicious Activity Investigation Instructions:

  • Review access logs for the service where the credentials are used

  • Check for login attempts from unusual IP addresses or locations

  • Monitor for unusual access patterns or times

  • Look for excessive failed login attempts

  • Verify if there are any unauthorized permission changes associated with the account

  • Check for unusual data access or export activities

  • Review any automated processes using these credentials for unexpected behavior

Mitigation Instructions:

  • Change the password immediately across all services where it might be used

  • Enable multi-factor authentication if available

  • Review and update the account's permissions to ensure the Principle of Least Privilege

  • Implement password rotation policies

  • Consider implementing IP restrictions if supported by the service

  • Update any applications or scripts that might be using the compromised credentials

  • Monitor the account for continued suspicious activity

  • Consider creating a new account and deprecating the compromised one

  • Review password policies and ensure they enforce strong password requirements