SynopsisAn account on the remote host uses a default password.
DescriptionThe account 'product' or 'emailswitch' is using a default password. A remote, unauthenticated attacker could exploit this to log in as an unprivileged user. After logging in, an attacker can log into the local MySQL server as root without a password. Additionally, getting access to a root shell is trivial.
It is also likely that this host allows remote logins using the 'root', 'cluster', and 'remote' accounts using public key authentication, but Nessus has not checked for those issues.
SolutionUpgrade to Security Definition 2.0.5 or later.
Note that this fix does not disable access to the root, cluster, or remote accounts.