Synopsis
The remote web server can be accessed with default credentials.
Description
The Sambar webserver is running.
It provides a web interface for configuration purposes.
The admin user has no password and there are some other default users without passwords.
Everyone could set the HTTP-Root to c:\ and delete your files!
*** this may be a false positive - go to http://the_server/sysadmin/ and verify it yourself.
Solution
Change the passwords via the webinterface
Plugin Details
File Name: sambar_sysadmin.nasl
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
Required KB Items: www/sambar
Vulnerability Publication Date: 6/10/1998
Reference Information
BID: 2255