Sun Java System Identity Manager Default Credentials

high Nessus Plugin ID 35105

Language:

Synopsis

The remote web application is protected with default credentials.

Description

The remote installation of Sun Java System Identity Manager is configured to use default credentials to control administrative access. Knowing these, an attacker can gain administrative control of the affected application.

Solution

Change the password for the 'Configurator' user.

Plugin Details

Severity: High

ID: 35105

File Name: sun_idm_default_creds.nasl

Version: 1.15

Type: remote

Family: CGI abuses

Published: 12/15/2008

Updated: 6/1/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Detections

Analytics