Sub-task
Resolution: Done
Normal
SECFLOWOTL-30 - s2i Security Review

Use the following guidelines to disable or delete default accounts, or to change all default passwords that are shipped with the product or created as part of the installation process:
- Delete user accounts that are not needed, whether as part of the installation process, after installation, after deployment, or manually.
- Some application frameworks and other third-party packages contain databases and configuration files with default accounts and passwords.
- For user accounts that are needed for continuous administration or functioning of the application, ensure that all of the libraries have their default passwords changed to strong alternatives.
- Administrators may miss changing some passwords prior to deployment because configuration files aren't covered in a typical hardening process.
- The application must change or remove development and test accounts and passwords before they become active.
- Initiate a procedure through the installer that forces administrative users to change all default passwords for any accounts created and managed during or after installation.
- Don't use default authentication credentials or keys for built-in accounts to protect the storage and transmission of sensitive data.
- Where limiting access is not possible (for example, because of the architecture of the solution or the execution environment in which the software runs), implement mechanisms to prevent unauthorized access, exposure, or modification of critical assets.
Imported from SD Elements: https://redhat.sdelements.com/bunits/psse-secure-development/group-2-extended-functionality-offerings/openshift-source-to-image-s2i-builder-image/tasks/phase/development/106-T61/