Citrix NetScaler Web Management Interface Default Administrator Credentials

High Nessus Plugin ID 66394

Synopsis

A web application is protected using default administrative credentials.

Description

The remote Citrix NetScaler Web Management Interface uses a default password ('nsroot') for the administrator account ('nsroot').

With this information, an attacker can gain complete administrative access to the Citrix NetScaler appliance.

Solution

Reset the nsroot password.

See Also

http://www.nessus.org/u?74336bf9

Plugin Details

Severity: High

ID: 66394

File Name: netscaler_web_default_creds.nasl

Version: Revision: 1.4

Type: remote

Family: Web Servers

Published: 2013/05/13

Updated: 2016/11/23

Dependencies: 29222

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:ND/RC:ND

Vulnerability Information

CPE: cpe:/a:citrix:netscaler

Required KB Items: www/netscaler

Excluded KB Items: global_settings/supplied_logins_only