216.73.216.133

T1694.001: Default Credentials

View on MITRE ATT&CK The MITRE Corporation · Published 20/04/2026 22:54 · Modified 04/05/2026 16:52

Essential information

MITRE technique ID
T1694.001
Confidence
75/100
Revoked
No
Published
20/04/2026 22:54
Modified
04/05/2026 16:52
Author / Source
The MITRE Corporation

Description

Adversaries may leverage manufacturer or supplier set default credentials on control system devices. These default credentials may have administrative permissions and may be necessary for initial configuration of the device. It is general best practice to change the passwords for these accounts as soon as possible, but some manufacturers may have devices that have passwords or usernames that cannot be changed.(Citation: Keith Stouffer May 2015) Default credentials are normally documented in an instruction manual that is either packaged with the device, published online through official means, or published online through unofficial means. Adversaries may leverage default credentials that have not been properly modified or disabled.

Kill chain phases

Kill chainPhase
mitre-ics-attack-v19 lateral-movement
mitre-ics-attack lateral-movement
mitre-ics-attack persistence
mitre-ics-attack-v19 persistence

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references