HSQLDB Server Default Credentials

Severity: High. Nessus Plugin ID: 23731

Synopsis

The remote database service is using default credentials.

Description

The installation of HSQLDB on the remote host has the default 'sa' account enabled without a password. An attacker may use this flaw to execute commands against the remote host, as well as read any data it might contain.

Solution

Disable this account or assign a password to it. In addition, it is suggested that you filter incoming traffic to this port.

Plugin Details

Severity: High

ID: 23731

File Name: hsqldb_default_creds.nasl

Version: 1.16

Type: remote

Family: Databases

Published: 11/27/2006

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: x-cpe:/a:hsqldb:hsqldb

Excluded KB Items: global_settings/supplied_logins_only