Brightmail Control Center Default Password (symantec) for 'admin' Account

high Nessus Plugin ID 19598

Synopsis

The remote server uses known authentication credentials.

Description

The remote host is running Symantec's Brightmail Control Center, a web-based administration tool for Brightmail AntiSpam.

The installation of Brightmail Control Center on the remote host still has the 'admin' account set to the default password 'symantec'. An attacker can exploit this issue to gain access to the Control Center and any scanners it controls.

Solution

Log in to the Brightmail Control Center and change the password for the 'admin' user.

Plugin Details

Severity: High

ID: 19598

File Name: brightmail_antispam_default_password.nasl

Version: 1.15

Type: remote

Family: CGI abuses

Published: 9/8/2005

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only