SQLite Web dashboards with no login
When your software doesn't ask to set a default password...

SQLite Web is a web-based SQLite database browser written in Python.
You can load your SQLite database and compute SQL query directly from your web dashboard.
Overall it just looks like a cool web application that fits some database administrator needs,
but as the documentation suggests password setting comes with just an optional argument.
there are no default credentials and password setting is not required at all.

How can this design choice affect the security of the web? 
Who's the fool who don't set a password while exposing this product on the clearnet?

With a simple research on Hunter i have found more than 6K results during the past year.
I excluded login panels by simply excluding their h3 tag in the body.

web.title="SQLite Web" and web.body!="<h3>Login</h3>"

[*] hunter_results.png



The dashboard is really intuitive, you can import and export data, create new tables, edit data...
I'll let you imagine what a potential threat actor might do seeing all this exposed without any authentication.