Default Password
The Default Password page contains a list of default vendor credentials. These well-known credentials should never be used in production. During device discovery FortiSIEM checks if the device credentials are still set to default, and the system rule Default Password Detected by System
triggers an incident if they are.
A sample raw event log for a default password incident:
<174>Oct 20 22:50:03 [PH_AUDIT_DEFAULT_PWD_MATCH]:[phEventCategory]=2,[appTransportProto]=SNMP,[reptModel]=Firewall-1 SPLAT,[srcIpAddr]=192.168.19.195,[phCustId]=1,[sessionId]=0f8bdee2b6a265c4bd075fc777ed,[procName]=AppServer,[reptVendor]=Checkpoint,[hostIpAddr]=172.16.0.1,[hostName]=SJ-QA-F-Lnx-CHK,[eventSeverity]=PHL_INFO,[user]=,[phLogDetail]=Default password matches for the same composite key (Vendor, Model, Access method, User Name, Password)
The following sections describe about using a Default Password: