Detections
Analytics
pfSense Default SSH Credentials
critical Nessus Plugin ID 106273
Language:
Synopsis
An account on the remote host uses a known default password.Description
The remote device is a pfSense device that uses a set of known, default credentials. An attacker who is able to connect to the service can use these credentials to gain control of the device.Solution
Log in to the remote host and change the default login credentials.Plugin Details
Severity: Critical
ID: 106273
File Name: pfsense_ssh_default_creds.nasl
Version: Revision: 1.1
Type: remote
Family: Default Unix Accounts
Published: 1/24/2018
Updated: 1/24/2018
Risk Information
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: cpe:/a:pfsense:pfsense, cpe:/a:bsdperimeter:pfsense
Excluded KB Items: global_settings/supplied_logins_only