WhatsUp Network Monitoring Tool Default Administrative Credentials

high Nessus Network Monitor Plugin ID 3625

Synopsis

The remote host is configured with default or easily-guessed credentials.

Description

The remote host is running WhatsUp, a network monitoring tool that discovers and monitors network resources. The remote install of WhatsUp is still utilizing the default administrative credentials (e.g. admin/admin). An attacker exploiting this flaw would be able to log into the application and gain information regarding the network, change the configuration of the device, and run arbitrary administrative commands on the WhatsUp application.

Solution

Change the default passwords for the application.

Plugin Details

Severity: High

ID: 3625

Family: Web Servers

Published: 5/19/2006

Updated: 1/15/2016