Detections
Analytics

ManageEngine Applications Manager Default Administrator Credentials

high Nessus Plugin ID 63158

Language:

Synopsis

A web application running on the remote host is protected using default administrative credentials.

Description

The ManageEngine Applications Manager running on the remote host uses a default set of credentials ('admin' / 'admin') to control access to its management interface. An attacker can exploit this to gain administrative access to the application.

Solution

Log into the application and personalize the account to change the default login credentials.

See Also

https://www.manageengine.com/products/applications_manager/

Plugin Details

Severity: High

ID: 63158

File Name: manageengine_applications_manager_default_creds.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 12/5/2012

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:manageengine:applications_manager

Required KB Items: installed_sw/ManageEngine Applications Manager

Excluded KB Items: global_settings/supplied_logins_only