Broken Authentication - Default Credentials Challenge

Making a post just to clarify an issue I experienced in the “Broken Authentication” Module. The Default Credentials page in the Login Bruteforcing segment of the module has a challenge that requires you to use default credentials to log in via a web form.

DO NOT use scada-pass.csv located here SecLists/Passwords/Default-Credentials at master · danielmiessler/SecLists · GitHub. I spent hours on this challenge when it turns out this file does not have the username you need to complete the challenge. The only place I could find that does is this website SCADA Default Password List (


Had the same problem. Username is valid, but password is not, so I couldn’t test the python script from this module

ya, do not use that list. Google it and found this one useful

1 Like

Cheers I was there and tried all kind of manipulation of text in the csv file - good to know thnaks for sharing.