Ariel FTP Server Default 'document' Account

This script is Copyright (C) 2006-2017 Tenable Network Security, Inc.


Synopsis :

The remote FTP server can be accessed with a known login and password
pair.

Description :

The remote host is an Ariel FTP server. Ariel is a document
transmission system mostly used in the academic world.

Nessus was able to log into the remote FTP server by connecting as the
user 'document' (or 'ariel4') and with a hex-encoded password based on
the IP address of the host the user is connecting from.

An attacker could log into the server and obtain the files from the
print queue or use the remote storage space for anything else.

Solution :

Filter incoming traffic to this port.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FTP

Nessus Plugin ID: 22870 (ariel_default_account.nasl)

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now