CVS pserver Brute Force Access

high Nessus Plugin ID 11384

Synopsis

The remote version control service has accounts that use default credentials.

Description

It was possible to find the public CVS repository of the remote host by searching a list of commonly used passwords and CVS repositories.
A remote attacker could exploit this to access or modify sensitive information.

Solution

Secure all accounts with strong passwords.

Plugin Details

Severity: High

ID: 11384

File Name: cvs_public_pserver.nasl

Version: Revision: 1.12

Type: remote

Family: Misc.

Published: 3/14/2003

Updated: 9/24/2012

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P