From 1cc281b40ea85d2b0fef0ef22f75902bd50b5d5e Mon Sep 17 00:00:00 2001 From: Josh Grossman Date: Fri, 22 Nov 2024 12:01:19 +0200 Subject: [PATCH] Move default accounts to 14.1 to resolve #2394 (#2403) --- 5.0/en/0x11-V2-Authentication.md | 2 +- 5.0/en/0x22-V14-Config.md | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/5.0/en/0x11-V2-Authentication.md b/5.0/en/0x11-V2-Authentication.md index faca928fc6..087344e9ec 100644 --- a/5.0/en/0x11-V2-Authentication.md +++ b/5.0/en/0x11-V2-Authentication.md @@ -126,7 +126,7 @@ The requirements in this section mostly relate to section [5.1.1.2](https://page | **2.5.1** | [DELETED, INCORRECT] | | | | | | **2.5.2** | Verify password hints or knowledge-based authentication (so-called "secret questions") are not present. | ✓ | ✓ | ✓ | 640 | | **2.5.3** | [DELETED, DUPLICATE OF 2.4.1] | | | | | -| **2.5.4** | [MODIFIED] Verify that default user accounts (e.g. "root", "admin", or "sa") are not present in the application or are disabled. | ✓ | ✓ | ✓ | 798 | +| **2.5.4** | [MOVED TO 14.1.10] | | | | | | **2.5.5** | [DELETED, DUPLICATE OF 2.2.3] | | | | | | **2.5.6** | [GRAMMAR] Verify that forgotten password, and other recovery paths use a secure recovery mechanism, such as time-based OTP (TOTP) or other soft token, mobile push, or another offline recovery mechanism. | ✓ | ✓ | ✓ | 640 | | **2.5.7** | [GRAMMAR, LEVEL L2 > L1] Verify that if OTP or other multi-factor authentication factors are lost, that evidence of identity proofing is performed at the same level as during enrollment. | ✓ | ✓ | ✓ | 308 | diff --git a/5.0/en/0x22-V14-Config.md b/5.0/en/0x22-V14-Config.md index de156bfa1b..64b5bb9d2a 100644 --- a/5.0/en/0x22-V14-Config.md +++ b/5.0/en/0x22-V14-Config.md 
@@ -42,6 +42,7 @@ Compliance with this section requires an automated build system, and access to b | **14.1.7** | [ADDED] Verify that production environment does not include test code. | | ✓ | ✓ | 489 | | **14.1.8** | [ADDED] Verify that data, state information, and server instances related to the build and deployment process do not persist after the process has ended. (Ephemerality). | | | ✓ | | | **14.1.9** | [ADDED] Verify that application code or functionality can only be changed via the standard update or build process and not directly in production through application functionality or some other direct modification mechanism. | | ✓ | ✓ | | +| **14.1.10** | [MODIFIED, MOVED FROM 2.5.4] Verify that default user accounts (e.g. "root", "admin", or "sa") are not present in the application or are disabled. | ✓ | ✓ | ✓ | 798 | ## V14.2 Dependency
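Review bot: in the 0x11-V2-Authentication.md hunk, the retired 2.5.4 row drops its level ticks and the CWE 798 value, which is consistent with how the other retired rows in this table (`[DELETED, INCORRECT]`, `[DELETED, DUPLICATE OF 2.4.1]`) are written, so the formatting is fine; the only asymmetry is that this side reads `[MOVED TO 14.1.10]` while the receiving row reads `[MODIFIED, MOVED FROM 2.5.4]`, and since the requirement text is carried over unchanged from the previously `[MODIFIED]` 2.5.4 row, it is worth confirming that the MODIFIED tag is meant to describe the change relative to the prior release rather than a change made in this move, so that anyone reconciling the two tables is not left looking for a wording difference that does not exist.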
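Review bot: in the 0x22-V14-Config.md hunk, the new 14.1.10 row is ticked at all three levels (L1, L2, L3), whereas the neighbouring `[ADDED]` rows 14.1.7 to 14.1.9 apply only from L2 upward; the L1 tick matches what 2.5.4 had before the move, so it is probably intentional, but it should be confirmed rather than inherited by default, because the section preamble visible in the hunk header states that "Compliance with this section requires an automated build system", which is an L2-style expectation. On the same line, the requirement still says default accounts must not be present "in the application", while V14.1 is framed around build and deployment; consider whether the moved wording should also cover the deployed configuration (for example "in the application or its deployment environment") so that the requirement reads naturally in its new section. The CWE 798 reference and the `MOVED FROM 2.5.4` cross-reference are carried over correctly.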