Making a post just to clarify an issue I experienced in the “Broken Authentication” Module. The Default Credentials page in the Login Bruteforcing segment of the module has a challenge that requires you to use default credentials to log in via a web form.
DO NOT use scada-pass.csv located here SecLists/Passwords/Default-Credentials at master · danielmiessler/SecLists · GitHub. I spent hours on this challenge when it turns out this file does not have the username you need to complete the challenge. The only place I could find that does is this website SCADA Default Password List (scadasecuritybootcamp.com)