IBM Tivoli Management Framework Endpoint addr URL Default Credentials

High Nessus Plugin ID 54987


It is possible to authenticate to the remote server using the default credentials.


The remote Tivoli Endpoint installation is secured by default credentials. Nessus is able to make authenticated requests to '/addr' by using the username 'tivoli' and password 'boss', which are hard-coded in the server executable.

A remote, unauthenticated attacker could change the endpoint's configuration or disable the web interface by using these default credentials.


Disable the ability to change endpoint configuration from the browser using the 'http_disable' configuration setting. Refer to the IBM documentation for more information.

Plugin Details

Severity: High

ID: 54987

File Name: tivoli_endpoint_default_creds.nasl

Version: $Revision: 1.8 $

Type: remote

Family: Web Servers

Published: 2011/06/07

Modified: 2015/09/24

Dependencies: 48363

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_management_framework

Required KB Items: www/tivoli_endpoint

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2011/06/07

Exploitable With

Metasploit (IBM Tivoli Endpoint Manager POST Query Buffer Overflow)

Reference Information

OSVDB: 72751

EDB-ID: 17365