NAS4Free Web UI Default Credentials

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

A web application on the remote host is protected using default
credentials.

Description :

The NAS4Free web interface on the remote host has the 'admin' user
account secured with the default password. A remote, unauthenticated
attacker could exploit this to gain administrative access to the web
interface, which could allow arbitrary command execution via exec.php.

See also :

http://www.nessus.org/u?9b4a9690

Solution :

Secure the 'admin' user account with a strong password.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: CGI abuses

Nessus Plugin ID: 73685 ()

Bugtraq ID:

CVE ID: