Geronimo Console Default Credentials

Severity: High | Nessus Plugin ID 20736

Synopsis

The administration console for the remote web server is protected with default credentials.

Description

The remote host appears to be running Geronimo, an open source J2EE server from the Apache Software Foundation.

The installation of Geronimo on the remote host uses the default username and password to control access to its administrative console. Knowing these, an attacker can gain control of the affected application.

Solution

Change the default credentials in 'var/security/users.properties', or set non-default credentials when deploying Geronimo.

Plugin Details

Severity: High

ID: 20736

File Name: geronimo_console_default_creds.nasl

Version: 1.19

Type: remote

Family: CGI abuses

Published: 1/18/2006

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:apache:geronimo

Excluded KB Items: global_settings/supplied_logins_only