IBM Tivoli Management Framework Endpoint addr URL Default Credentials

Severity: High. Nessus Plugin ID: 54987

Synopsis

It is possible to authenticate to the remote server using the default credentials.

Description

The remote Tivoli Endpoint installation is protected only by default credentials. Nessus is able to make authenticated requests to '/addr' by using the username 'tivoli' and password 'boss', which are hard-coded in the server executable.

A remote, unauthenticated attacker could change the endpoint's configuration or disable the web interface by using these default credentials.

Solution

Disable the ability to change endpoint configuration from the browser using the 'http_disable' configuration setting. Refer to the IBM documentation for more information.

See Also

http://www.nessus.org/u?931779eb

Plugin Details

Severity: High

ID: 54987

File Name: tivoli_endpoint_default_creds.nasl

Version: 1.9

Type: remote

Family: Web Servers

Published: 6/7/2011

Updated: 8/15/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_management_framework

Required KB Items: www/tivoli_endpoint

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 6/7/2011

Exploitable With

Metasploit (IBM Tivoli Endpoint Manager POST Query Buffer Overflow)