Nortel Networks Router Unpassworded Account (User Level)

high Nessus Plugin ID 10529

Synopsis

The remote Telnet service can be accessed without a password.

Description

The remote Telnet service has an account named 'User' that does not have a password.

This issue is known to affect Nortel Networks (formerly Bay Networks) routers. And it could allow an attacker to access the router, reconfigure it to block access, and prevent its use.

Solution

Set a password for the account.

Plugin Details

Severity: High

ID: 10529

File Name: nortel_pwdless2.nasl

Version: 1.19

Type: remote

Family: Misc.

Published: 10/6/2000

Updated: 8/13/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Vulnerability Publication Date: 1/1/2000