Compaq Web-enabled Management Software Default Account

Severity: High. Nessus Plugin ID: 11879

Synopsis

The remote host has a web-enabled management application that uses default login credentials.

Description

The Compaq Web-based Management / HP System Management Agent active on the remote host is configured with the default, or a predictable, administrator password. Depending on the agents integrated, this allows an attacker to view sensitive and verbose system information, and may even allow more active attacks such as rebooting the remote system. Furthermore, if an SNMP agent is configured on the remote host, it may disclose the SNMP community strings in use, allowing an attacker to set device configuration if the 'write' community string is uncovered.

Solution

Set a strong password for the administrator account.

Plugin Details

Severity: High

ID: 11879

File Name: compaq_web_mgmt_password.nasl

Version: 1.23

Type: remote

Family: Web Servers

Published: 10/13/2003

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Vulnerability Publication Date: 1/15/2004