Microsoft Windows Administrator Default Password Detection (W32/Deloder Worm Susceptibility)

critical Nessus Plugin ID 11454

Synopsis

The remote host is vulnerable to the W32/Deloder worm.

Description

W32/Deloder is a worm that tries to connect to a remote share by using a list of built-in administrator passwords.

Nessus was able to connect to this host with one of these credentials. The W32/Deloder worm may use the same credentials to break into the remote host and upload infected data to its shares.

Solution

Change your administrator password to a strong one.

Plugin Details

Severity: Critical

ID: 11454

File Name: smb_login_deloder.nasl

Version: 1.22

Type: remote

Agent: windows

Family: Windows

Published: 3/24/2003

Updated: 7/8/2019

Supported Sensors: Nessus Agent

Risk Information

CVSS Score Rationale: Default score for default credentials.

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

Required KB Items: SMB/name

Excluded KB Items: SMB/any_login, global_settings/supplied_logins_only

Reference Information

CERT-CC: CA-2003-08