NASLDB: Scrutinizer Default Credentials Check
General
ID: 61597
Name: Scrutinizer Default Credentials Check
Summary: Tries to login using default credentials
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: CVSS2#E:H/RL:ND/RC:ND
Port: 80
Family: CGI abuses
Type: Remote
Description
The Scrutinizer install on the remote host is using default credentials
for the ‘admin’ user. Using these credentials, it is possible to login
and gain access to the back end administrative interface.
Exploiting
Exploit Available: True
Exploitability Ease: No exploit is required
Sources
CVE: –
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: –
Plugin Release: 2012/08/20
Plugin
Version: 1.1
Filename: scrutinizer_default_creds.nasl
Filesize: 3249 bytes
MD5 Hash: d469e08d8623dbf984a129236f071916
Identification: –
Require Keys: www/scrutinizer_netflow_sflow_analyzer
Dependencies: "scrutinizer_detect.nasl"
Copyright: This script is Copyright© 2012 Tenable Network Security, Inc.
- Letzte Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack