Default Password (password) for 'root' Account

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

An administrative account on the remote host uses a weak password.

Description :

The account 'root' has the password 'password'. An attacker may use
it to gain further privileges on this system.

Note that Korenix Jetport installs are known to use these credentials
although other hosts are likely to as well as 'password' is reportedly a
common password.

See also :

http://www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity/

Solution :

Set a strong password for this account or disable it.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.5
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: Default Unix Accounts

Nessus Plugin ID: 24745 (account_root_password.nasl)

Bugtraq ID: 20490
55196

CVE ID: CVE-1999-0502
CVE-2006-5288
CVE-2012-4577