SWAT Unauthenticated Access (Demo Mode)

Severity: High | Nessus Plugin ID 26926

Synopsis

The remote host is running a web server for Samba administration.

Description

The remote host is running SWAT, the Samba Web Administration Tool.

The remote SWAT server appears to be running in demo mode.
In demo mode, authentication is disabled and anyone can use SWAT to modify Samba's configuration file. Demo mode should not be used on a production server.

Solution

Either disable SWAT or limit access to authorized users and ensure that it is set up with stunnel to encrypt network traffic.

See Also

https://www.samba.org/samba/docs/old/Samba3-HOWTO/SWAT.html

Plugin Details

Severity: High

ID: 26926

File Name: swat_no_auth.nasl

Version: 1.9

Type: remote

Family: CGI abuses

Published: 10/5/2007

Updated: 6/1/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P