Pocsag POC32 Remote Service Default Password (password)

medium Nessus Plugin ID 10341

Synopsis

The remote server gives access to protected data.

Description

It is possible to log into the remote pocsag service and view the streams of decoded pager messages using the password 'password'.

An attacker may use this problem to gain some knowledge about the computer user and then trick him by social engineering.

Solution

Change the password to a random one, or filter incoming connections to this port

Plugin Details

Severity: Medium

ID: 10341

File Name: poc32.nasl

Version: 1.20

Type: remote

Family: Misc.

Published: 3/7/2000

Updated: 7/25/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Ease: No exploit is required

Vulnerability Publication Date: 9/12/2002

Reference Information

CVE: CVE-2000-0225

BID: 1032

Detections

Analytics