APC SmartSlot Web/SNMP Management Card Default Password

critical Nessus Plugin ID 12066

Language:

Synopsis

The remote host has a default password set.

Description

The remote APC Smartslot Web/SNMP Management card ships with a default username and password. An attacker can use this information to access the remote APC device with any username and the factory password 'TENmanUFactOryPOWER'.

Solution

Upgrade the firmware according to the APC recommendations.

See Also

http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=3131&p_created=1077139129

https://seclists.org/bugtraq/2004/Feb/456

https://seclists.org/bugtraq/2004/Feb/512

https://seclists.org/bugtraq/2004/Feb/514

Plugin Details

Severity: Critical

ID: 12066

File Name: apc_smartslot_factory_password.nasl

Version: 1.18

Type: remote

Family: Misc.

Published: 2/18/2004

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2/18/2004

Reference Information

CVE: CVE-2004-0311

BID: 9681

Secunia: 10905