JBoss Administration Console Default Credentials

High Nessus Plugin ID 47714


Access to the remote administration console is protected with default credentials.


The JBoss Administration Console installed on the remote host uses the default username and password. Knowing these, an attacker can gain administrative control of the affected application.


Change the credentials.

Plugin Details

Severity: High

ID: 47714

File Name: jboss_default_credentials.nasl

Version: $Revision: 1.10 $

Type: remote

Family: Web Servers

Published: 2010/07/14

Modified: 2016/11/23

Dependencies: 10107

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:ND/RC:ND

Vulnerability Information

Required KB Items: www/jboss

Excluded KB Items: global_settings/supplied_logins_only