Synopsis
The remote web application is protected using default credentials.
Description
The remote host is running CrashPlan or CrashPlan PRO Server, the server component of CrashPlan, a cross-platform backup application.
The remote installation of CrashPlan Server is configured to use default credentials to control administrative access. Knowing these, an attacker can gain administrative control of the affected application.
Solution
Change the password for the admin user.
Plugin Details
File Name: crashplan_server_default_creds.nasl
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
Excluded KB Items: global_settings/supplied_logins_only