F5 Device Default Support Password

This script is Copyright (C) 2001-2014 Digital Defense Inc.


Synopsis :

The remote service is protected with default administrative
credentials.

Description :

The remote F5 Networks device has the default password set for the
'support' user account. This account normally provides read/write
access to the web configuration utility. An attacker could take
advantage of this to reconfigure your systems and possibly gain shell
access to the system with super-user privileges.

Solution :

Remove the 'support' account entirely or change the password of this
account to something that is difficult to guess.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 10820 (DDI_F5_Default_Support.nasl)

Bugtraq ID:

CVE ID: CVE-1999-0508