WinComLPD LPD Monitoring Server Default Credentials

high Nessus Plugin ID 30186

Synopsis

The remote service is protected with default credentials.

Description

The remote LPD Monitoring Server port is configured to use the default credentials to control access. Knowing these, an attacker can gain administrative control of the affected application.

Solution

Edit the application's 'lpdservice.ini' file and change the credentials in the 'GENERAL CONFIGURE' section. Then, restart the service to put the changes into effect.

Plugin Details

Severity: High

ID: 30186

File Name: wincomlpd_lpdservice_default_creds.nasl

Version: Revision: 1.12

Type: remote

Family: Misc.

Published: 2/6/2008

Updated: 11/29/2016

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only