VICIDIAL Call Center Suite Default Administrative Credentials

Severity: High, Nessus Plugin ID 38890

Synopsis

The remote web application is protected using default credentials.

Description

The remote host is running the VICIDIAL Call Center Suite, a set of programs for Asterisk that act as a complete call center suite.

The remote installation of VICIDIAL is configured to use default credentials to control administrative access. Knowing these, an attacker can gain administrative control of the affected application.

Solution

Change the password for the admin user.

Plugin Details

Severity: High

ID: 38890

File Name: vicidial_default_admin_creds.nasl

Version: 1.10

Type: remote

Family: CGI abuses

Published: 5/26/2009

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning, global_settings/supplied_logins_only