Compaq Web-enabled Management Software Default Account

This script is Copyright (C) 2003-2015 SensePost

Synopsis :

The remote host has a web-enabled management application that uses
default login credentials.

Description :

The Compaq Web-based Management / HP System Management Agent active on
the remote host is configured with the default, or a predictable,
administrator password. Depending on the agents integrated, this allows
an attacker to view sensitive and verbose system information, and may
even allow more active attacks such as rebooting the remote system.
Furthermore, if an SNMP agent is configured on the remote host it may
disclose the SNMP community strings in use, allowing an attacker to set
device configuration if the 'write' community string is uncovered.

Solution :

Set a strong password for the administrator account.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 7.5

Family: Web Servers

Nessus Plugin ID: 11879 (compaq_web_mgmt_password.nasl)

Bugtraq ID: