Synopsis
The remote web service is protected with default credentials.
Description
The remote host is running Computer Associates' Host-Based Intrusion Prevention System (CA HIPS) Server, an intrusion prevention system for Windows.
The remote installation of CA HIPS Server is configured to use default credentials to control access. Knowing these, an attacker can gain control of the affected application.
Solution
Change the password for the 'admin' account by logging into the CA HIPS server, navigating to 'Global Settings / Administrators', and editing the 'admin' account.
Plugin Details
File Name: ca_hips_default_creds.nasl
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
Excluded KB Items: global_settings/supplied_logins_only