Apache ActiveMQ Web Console Default Credentials

high Nessus Plugin ID 81375

Synopsis

A web application administrative console is protected using default credentials.

Description

ActiveMQ Web Console, an administrative interface for Apache ActiveMQ, is protected using default credentials. Note that no authentication mechanism was provided prior to version 5.4.0. However, in version 5.4.0, HTTP Basic Authentication was an option, and starting with version 5.8.0, this was enabled by default.

Solution

Restrict access to ActiveMQ Web Console, using one of the methods described at the referenced URLs, or change the default login credentials.

See Also

http://activemq.apache.org/web-console.html

http://activemq.apache.org/getting-started.html

Plugin Details

Severity: High

ID: 81375

File Name: activemq_web_console_default_creds.nasl

Version: 1.4

Type: remote

Family: CGI abuses

Published: 2/16/2015

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:apache:activemq

Required KB Items: installed_sw/ActiveMQ

Excluded KB Items: global_settings/supplied_logins_only