HP DDMI Web Interface Default Credentials

high Nessus Plugin ID 39616

Language:

Synopsis

The remote web application is protected using default credentials.

Description

The remote host is running HP Discovery & Dependency Mapping Inventory (DDMI), which is used to automate discovery and inventory of network devices.

The remote installation of HP DDMI has at least one account configured using default credentials. Knowing these, an attacker can gain access to the affected application, possibly even as an administrator.

Solution

Change the password of any reported user.

Plugin Details

Severity: High

ID: 39616

File Name: hp_ddmi_default_creds.nasl

Version: 1.17

Type: remote

Family: CGI abuses

Published: 7/6/2009

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:hp:discovery%26dependency_mapping_inventory

Excluded KB Items: global_settings/supplied_logins_only

Detections

Analytics