Category: PCI DSS Requirement 2
Do not use vendor-supplied defaults for system passwords and other security parameters.
PCI DSS Requirement 2 addresses the fact that malicious individuals or hackers will first attempt to use typical vendor default usernames and passwords, as well as other vendor default settings or configurations, to compromise an entity's environment in the search for sensitive cardholder data. These default usernames, passwords and settings are widely known and shared within hacker communities. Such attackers will attempt to compromise the environment from both the external and the internal perspective, so all aspects of an entity must be protected.