Western Digital Arkeia Virtual Appliance Blank Password

High Nessus Plugin ID 74218

Synopsis

A web application is protected using a blank password.

Description

The remote Western Digital Arkeia Virtual Appliance uses a blank password to control access to its management interface. With this information, an attacker can gain administrative access to the web administration interface for the appliance.

Solution

Log into the application and set a strong password.

Plugin Details

Severity: High

ID: 74218

File Name: wd_arkeia_default_creds.nasl

Version: Revision: 1.3

Type: remote

Family: CGI abuses

Published: 2014/05/28

Updated: 2016/11/29

Dependencies: 74216

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:ND/RC:ND

Vulnerability Information

CPE: cpe:/a:wdc:arkeia_virtual_appliance

Required KB Items: www/PHP, www/wd_arkeia

Excluded KB Items: global_settings/supplied_logins_only