This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
The phpMyAdmin team reports : Summary Bypass
$cfg['Servers'][$i]['AllowNoPassword'] Description A vulnerability was
discovered where the restrictions caused by
$cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under
certain PHP versions. This can allow the login of users who have no
password set even if the administrator has set
$cfg['Servers'][$i]['AllowNoPassword'] to false (which is also the
This behavior depends on the PHP version used (it seems PHP 5 is
affected, while PHP 7.0 is not). Severity We consider this
vulnerability to be of moderate severity. Mitigation factor Set a
password for all users.
See also :
Update the affected package.
Risk factor :
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now