Default Password (0000) for 'user' on WIP5000 IP Phone

high Nessus Plugin ID 34218

Language:

Synopsis

The remote IP phone has a default password set for the 'user' user.

Description

The remote host is a WIP5000 VOIP phone. The remote host has the default password set for the 'user' user ('0000').

An attacker may connect to it and get useful information about the phone book of the remote phone using this account.

Solution

Connect to this port with a web browser and set a strong password, or change the password from the handheld device directly.

Plugin Details

Severity: High

ID: 34218

File Name: wip5000_default_user_password.nasl

Version: 1.16

Type: remote

Family: Misc.

Published: 9/16/2008

Updated: 8/7/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Detections

Analytics