PRTG Network Monitor Default Credentials

High severity, Nessus Plugin ID 51875

Synopsis

The remote web application uses default credentials.

Description

It is possible to log into the remote PRTG Network Monitor installation by providing the default credentials. A remote attacker could exploit this to gain administrative control of the PRTG Network Monitor installation.

Solution

Secure the 'prtgadmin' account with a strong password.

Plugin Details

Severity: High

ID: 51875

File Name: prtg_network_monitor_default_creds.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 2/4/2011

Updated: 3/4/2021

Dependencies: prtg_network_monitor_detect.nasl

Risk Information

Risk Factor: High

CVSS Score Source: manual

CVSS Score Rationale: Score from an in-depth analysis done by Tenable

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: installed_sw/prtg_network_monitor

Excluded KB Items: global_settings/supplied_logins_only