Detections
Analytics
NolaPro Default Credentials
high Nessus Plugin ID 46704
Language:
Synopsis
The remote web server is hosting a web application that uses default login credentials.Description
The installation of NolaPro on the remote web server uses the default username and password to control access to its administrative console.Knowing these, an attacker can gain administrative control of the affected application.
Solution
Log in via the administrative interface and change the password for the 'admin' account.Plugin Details
Severity: High
ID: 46704
File Name: nolapro_default_creds.nasl
Version: 1.11
Type: remote
Family: CGI abuses
Published: 5/24/2010
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
Required KB Items: www/PHP, www/nolapro
Excluded KB Items: global_settings/supplied_logins_only