PCI DSS Compliance : Point-of-Sale (POS) Software Using Default Credentials

medium Nessus Plugin ID 159591

Synopsis

A point-of-sale application is accessible via default credentials.

Description

The remote host is running a point-of-sale application that can be accessed via default credentials. The PCI Data Security Standard requires default or vendor-shipped credentials to be changed for point-of-sale (POS) devices.

Solution

Change the default credentials according to vendor specifications.

Plugin Details

Severity: Medium

ID: 159591

File Name: pci_pos_default_cred.nasl

Version: 1.2

Type: remote

Family: Databases

Published: 4/7/2022

Updated: 3/5/2024

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score from an in-depth analysis done by Tenable

CVSS v2

Risk Factor: Medium

Base Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 4.8

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Vulnerability Information

Required KB Items: Settings/ParanoidReport, Settings/PCI_DSS

Excluded KB Items: Settings/PCI_DSS_local_checks