Default Password (m) for 'root' Account

This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.


Synopsis :

The remote system can be accessed with a default account.

Description :

The account 'root' on the remote host has the password 'm'.

An attacker may leverage this issue to gain access to the affected
system.

Note that some Camtron IP cameras are reported to use these
credentials by default.

See also :

https://www.trustwave.com/spiderlabs/advisories/TWSL2010-006.txt
http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0128.html

Solution :

Either set a strong password for this account, disable it, or use
ACLs to restrict access to the host.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.5
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: Default Unix Accounts

Nessus Plugin ID: 50601 ()

Bugtraq ID: 44841

CVE ID: CVE-1999-0502
CVE-2010-4233

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial