The application or its components are deployed with default credentials (e.g., admin/admin, admin/password) that have not been changed from their factory settings.
An attacker could gain full administrative access using publicly known default credentials, leading to complete system compromise, data breach, or service disruption.
Force credential changes during initial setup. Remove or disable default accounts. Implement credential checks against lists of known default passwords. Conduct regular audits for default credentials across all components.
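One way to implement the credential checks and audits recommended above, shown as an added example that is not part of the original page: a setup-time check that refuses default credentials, and an audit that tests stored salted hashes against a default-password list. The default list, the account record layout (`username`, `salt`, `hash`), the PBKDF2 parameters and all function names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample list (assumption); a real deployment would load a
# maintained list of vendor default credentials for its own components.
KNOWN_DEFAULTS = {("admin", "admin"), ("admin", "password"), ("root", "root")}
DEFAULT_PASSWORDS = {password for _, password in KNOWN_DEFAULTS}
ITERATIONS = 100_000  # example value for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, standing in for the application's own scheme."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def is_default_credential(username: str, password: str) -> bool:
    """Setup-time check: True if the chosen credentials must be rejected."""
    u, p = username.strip().lower(), password.strip().lower()
    # Reject known pairs, any known default password, and username == password.
    return (u, p) in KNOWN_DEFAULTS or p in DEFAULT_PASSWORDS or u == p


def audit_accounts(accounts) -> list:
    """Audit: return usernames whose stored hash matches a default password."""
    flagged = []
    for acct in accounts:
        # Hashes are salted, so each candidate is re-hashed with the account's salt.
        candidates = DEFAULT_PASSWORDS | {acct["username"]}
        if any(
            hmac.compare_digest(hash_password(c, acct["salt"]), acct["hash"])
            for c in candidates
        ):
            flagged.append(acct["username"])
    return flagged


def make_account(username: str, password: str) -> dict:
    """Build a constructed account record for the sample data below."""
    salt = os.urandom(16)
    return {"username": username, "salt": salt, "hash": hash_password(password, salt)}


# Constructed sample inventory: two accounts still on defaults, one changed.
SAMPLE_ACCOUNTS = [
    make_account("admin", "admin"),
    make_account("operator", "password"),
    make_account("alice", "c0rrect-horse-battery"),
]
```

The audit never needs plaintext passwords: it only re-derives hashes for the short default list, so it can run on a schedule against each component's credential store.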