Default Password (nsroot) for 'nsroot' Account

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote system can be accessed with a default account.

Description :

The account 'nsroot' on the remote host has the password 'nsroot'.

An attacker may leverage this issue to gain administrative access to
the affected system.

Note that Citrix NetScaler appliances are known to use these
credentials to provide complete, administrative access to the Citrix
NetScaler appliance.

See also :

http://www.nessus.org/u?74336bf9

Solution :

If the host is a Citrix NetScaler, reset the nsroot password.

Otherwise, set a strong password for this account or use ACLs to
restrict access to the host.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Default Unix Accounts

Nessus Plugin ID: 66393 ()

Bugtraq ID:

CVE ID: CVE-1999-0502