Citrix NetScaler Management and Analytics System Default Administrator Credentials

Severity: High | Nessus Plugin ID: 118086

Synopsis

A web application is protected using default administrative credentials.

Description

The remote Citrix NetScaler Management and Analytics System (MAS) uses a default password ('nsroot') for the administrator account ('nsroot').

With this information, an attacker can gain complete administrative access to the Citrix NetScaler appliance.

Solution

Change the default administrative login credentials for nsroot.

See Also

http://www.nessus.org/u?74336bf9

Plugin Details

Severity: High

ID: 118086

File Name: netscaler_mas_web_default_creds.nasl

Version: 1.1

Type: remote

Family: Web Servers

Published: 2018/10/12

Modified: 2018/10/12

Dependencies: 118087

Risk Information

Risk Factor: High

CVSS Score Source: manual

CVSS Score Rationale: Default credentials

CVSSv2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSSv3

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vulnerability Information

CPE: cpe:/a:citrix:netscaler

Excluded KB Items: global_settings/supplied_logins_only