MySQL Default Account Credentials

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote database server has one or more sets of known credentials.

Description :

The MySQL database server listening on the remote host has one or more
known credentials.

Note that this plugin checks generically for a variety of known
account credentials. A finding involving, say, the 'scrutinizer'
account does not necessarily mean that an associated Scrutinizer
product is installed, only that Nessus was able to authenticate to the
MySQL server using the reported credentials.

See also :

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10627

Solution :

Either remove the affected accounts or change the associated password.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 61696 ()

Bugtraq ID: 54731
63223

CVE ID: CVE-2012-3951
CVE-2014-3413