NAS4Free Web UI Default Credentials

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.

Synopsis :

A web application on the remote host is protected using default

Description :

The NAS4Free web interface on the remote host has the 'admin' user
account secured with the default password. A remote, unauthenticated
attacker could exploit this to gain administrative access to the web
interface, which could allow arbitrary command execution via exec.php.

See also :

Solution :

Secure the 'admin' user account with a strong password.

Risk factor :

Critical / CVSS Base Score : 10.0

Family: CGI abuses

Nessus Plugin ID: 73685 ()

Bugtraq ID: