Synopsis :

The remote web application uses default credentials.

Description :

Brightmail Control Center (BCC) is the administrative web interface for
Symantec Message Filter. It is possible to log into the remote BCC by
providing the default credentials. A remote attacker could exploit this
to gain administrative control of the application.

Solution :

Secure the admin account with a strong password.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 7.5
(CVSS2#E:H/RL:ND/RC:ND)
Public Exploit Available : true