Root Is Just A Few Clicks Away
Default vendor logins and passwords are a common security issue that Nessus can scan for. Some of these default accounts can pose a serious security risk, depending on the type of access they permit. Nessus plugin id 35029 ("Dell Remote Access Controller Default password (calvin) for 'root' account") is a great example of this. It looks for a default username and password present on DRAC (Dell Remote Access Controller) devices which provide remote systems management for Dell servers.
This is a common practice for many vendors: instead of having the end user create a password during the initial configuration of the system, the vendor assigns a default value. The default passwords are often posted in the vendor's documentation, and several other web sites such as the list provided by the Phenoelit group. In this case, the default username and password pair allows a user access to the DRAC server functionality, including the ability to power the server on or off, and access the remote console. The DRAC system is an embedded system that sits inside the server with access to the hardware. It is intended for maintenance purposes and is separate from the operating system on the server.
The DRAC login and password provides access to the console as if the user were sitting in front of it. A serious risk is posed if an administrator had logged into the console as root and forgot to log off, providing the attacker with the root-level access when connecting via DRAC.
A common security requirement is to ensure that system consoles are physically protected from access. Using the default username and password for DRAC violates this requirement and poses a serious security risk.
It is important to investigate the results of each plugin and determine the full implications of the findings. Change the default passwords and be certain to log out of your sessions when administering systems (Windows or Linux/UNIX). Nessus also has several other plugins for detecting the presence of default passwords, for example on UNIX systems see the plugin category Default Unix Accounts.
Related Posts
Related Articles
Study: Tenable Offers Fastest, Broadest Coverage of CISA's KEV Catalog
October 23, 2023Tenable ranked first in multiple vulnerability management categories, including the most comprehensive coverage and quickest detection of CISA's Known Exploited Vulnerabilities, according to a Miercom report commissioned by Tenable.
Tuning Network Assessments for Performance and Resource Usage
September 13, 2022Using the correct tool for the job and optimizing scanner placement will have a large impact on scan efficiency with Nessus, Tenable.io and Tenable.sc.
Terrascan Joins the Nessus Community, Enabling Nessus To Validate Modern Cloud Infrastructures
May 17, 2022The addition of Terrascan to the Nessus family of products helps users better secure cloud native infrastructure by identifying misconfigurations, security weaknesses, and policy violations by scanning Infrastructure as Code repositories.
CVE-2024-7593: Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability
August 14, 2024Ivanti released a patch for a critical severity authentication bypass vulnerability and a warning that exploit code is publicly available
Microsoft’s August 2024 Patch Tuesday Addresses 88 CVEs
August 13, 2024Microsoft addresses 88 CVEs with seven critical vulnerabilities and 10 zero-day vulnerabilities, six of which were exploited in the wild.
Compromising Microsoft's AI Healthcare Chatbot Service
August 13, 2024Tenable Research discovered multiple privilege-escalation issues in the Azure Health Bot Service via a server-side request forgery (SSRF), which allowed researchers access to cross-tenant resources.
- Nessus