NAS4Free Web UI Default Credentials

Severity: Critical, Nessus Plugin ID: 73685

Synopsis

A web application on the remote host is protected using default credentials.

Description

The NAS4Free web interface on the remote host has the 'admin' user account secured with the default password. A remote, unauthenticated attacker could exploit this to gain administrative access to the web interface, which could allow arbitrary command execution via exec.php.

Solution

Secure the 'admin' user account with a strong password.

See Also

http://www.nessus.org/u?9b4a9690

Plugin Details

Severity: Critical

ID: 73685

File Name: nas4free_default_creds.nasl

Version: 1.4

Type: remote

Family: CGI abuses

Published: 4/14/2014

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:nas4free:nas4free

Required KB Items: www/nas4free

Excluded KB Items: global_settings/supplied_logins_only