ACC Tigris Access Terminal Configuration Disclosure
Medium Nessus Plugin ID 10351
SynopsisThe remote router is affected by an information disclosure vulnerability.
DescriptionThe remote router is an ACC Tigris Terminal Server. Some software versions on this router will allow an attacker to run the SHOW command without first providing authentication. An attacker could exploit this to read part of the router's configuration.
In addition there is a 'public' account with a default password of 'public' which would allow an attacker to execute non-privileged commands on the host.
SolutionAdd access entries to the server to allow access only from authorized staff.