Citrix NetScaler Management and Analytics System Default Administrator Credentials

High Nessus Plugin ID 118086


A web application is protected using default administrative credentials.


The remote Citrix NetScaler Management and Analytics System (MAS) uses a default password ('nsroot') for the administrator account ('nsroot').

With this information, an attacker can gain complete administrative access to the Citrix NetScaler appliance.


Change the default administrative login credentials for nsroot.

See Also

Plugin Details

Severity: High

ID: 118086

File Name: netscaler_mas_web_default_creds.nasl

Version: 1.1

Type: remote

Family: Web Servers

Published: 2018/10/12

Updated: 2018/10/12

Dependencies: 118087

Risk Information

Risk Factor: High

CVSS Score Source: manual

CVSS Score Rationale: Default credentials

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3.0

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vulnerability Information

CPE: cpe:/a:citrix:netscaler

Excluded KB Items: global_settings/supplied_logins_only