Default Password (changeme) for SHOUTcast Server Service Port

high Nessus Plugin ID 31098

Synopsis

The remote service is protected with default credentials.

Description

The remote SHOUTcast Server's service port is configured to use the default password to allow broadcasting content and administration. Knowing it, an attacker can gain administrative control of the affected application.

Solution

Edit the application's 'sc_serv.ini' file and change the 'Password' setting. Then, restart the service to put the change into effect.

Plugin Details

Severity: High

ID: 31098

File Name: shoutcast_service_port_default_password.nasl

Version: 1.13

Type: remote

Family: CGI abuses

Published: 2/18/2008

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:nullsoft:shoutcast_server

Excluded KB Items: global_settings/supplied_logins_only