Detections
Analytics
A-A-S Application Access Server Default Admin Password
critical Nessus Plugin ID 38761
Language:
Synopsis
The remote web server is protected using default credentials.Description
The remote installation of A-A-S Application Access Server is configured to use default credentials to control administrative access.Knowing these, an attacker can gain administrative control of the affected application and host.
Solution
Change the password for the 'admin' user.See Also
https://www.securityfocus.com/archive/1/503434/30/0/threaded
Plugin Details
Severity: Critical
ID: 38761
File Name: aas_default_creds.nasl
Version: 1.15
Type: remote
Family: Web Servers
Published: 5/14/2009
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.1
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
Excluded KB Items: global_settings/supplied_logins_only
Exploit Ease: No exploit is required
Reference Information
CVE: CVE-2009-1465
BID: 34911
CWE: 255