Citrix NetScaler Web Management Interface Default Administrator Credentials

High Nessus Plugin ID 66394


A web application is protected using default administrative credentials.


The remote Citrix NetScaler Web Management Interface uses a default password ('nsroot') for the administrator account ('nsroot').

With this information, an attacker can gain complete administrative access to the Citrix NetScaler appliance.


Reset the nsroot password.

See Also

Plugin Details

Severity: High

ID: 66394

File Name: netscaler_web_default_creds.nasl

Version: Revision: 1.4

Type: remote

Family: Web Servers

Published: 2013/05/13

Updated: 2016/11/23

Dependencies: 29222

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:ND/RC:ND

Vulnerability Information

CPE: cpe:/a:citrix:netscaler

Required KB Items: www/netscaler

Excluded KB Items: global_settings/supplied_logins_only