Plumtree Portal Default Credentials

high Nessus Plugin ID 28373

Synopsis

The remote web portal is protected with default credentials.

Description

The remote host is running Plumtree portal, a corporate web portal.

The remote installation of the Plumtree portal is configured to use default credentials to control administrative access. Knowing these, an attacker can gain control of the affected application.

Solution

Assign a password to the 'Administrator' account.

Plugin Details

Severity: High

ID: 28373

File Name: plumtree_portal_default_creds.nasl

Version: 1.15

Type: remote

Family: CGI abuses

Published: 12/2/2007

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning, global_settings/supplied_logins_only