Detections
Analytics

ManageEngine Security Manager Plus Default Administrator Credentials

high Nessus Plugin ID 63205

Language:

Synopsis

A web application is protected using default administrative credentials.

Description

The remote ManageEngine Security Manager Plus install uses a default set of credentials ('admin' / 'admin') to control access to its management interface.

With this information, an attacker could gain administrative access to the application.

Solution

Log into the application and personalize the account to change the default login credentials.

See Also

https://www.manageengine.com/secure-browser/

Plugin Details

Severity: High

ID: 63205

File Name: manageengine_security_manager_default_creds.nasl

Version: 1.9

Type: remote

Family: CGI abuses

Published: 12/10/2012

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: x-cpe:/a:zohocorp:manageengine_security_manager_plus

Required KB Items: www/manageengine_security_manager

Excluded KB Items: global_settings/supplied_logins_only