Compaq Web-enabled Management Software Default Account

This script is Copyright (C) 2004-2014 SensePost


Synopsis :

The remote host has a web-enabled management application that uses
default login credentials.

Description :

The Compaq Web-based Management / HP System Management Agent active on
the remote host is configured with the default, or a predictable,
administrator password. Depending on the agents integrated, this allows
an attacker to view sensitive and verbose system information, and may
even allow more active attacks such as rebooting the remote system.
Furthermore, if an SNMP agent is configured on the remote host, it may
disclose the SNMP community strings in use, allowing an attacker to set
device configuration if the 'write' community string is uncovered.

Solution :

Set a strong password for the administrator account.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 7.5
(CVSS2#E:H/RL:ND/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 11879 (compaq_web_mgmt_password.nasl)

Bugtraq ID:

CVE ID: