Microsoft Windows Default Credentials (PCI wordlist)

critical Nessus Plugin ID 108810

Language:

Synopsis

Credentials for the remote Windows operating system can be discovered.

Description

An SMB account on the remote Microsoft Windows host uses a common password for one or more accounts. These accounts may be used to gain access to the remote operating system and allow remote command execution. These accounts may belong to the Local Administrators or Domain Administrators groups.

Solution

Assign a different password to this account as soon as possible.

Plugin Details

Severity: Critical

ID: 108810

File Name: smb_bruteforce_pci.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 4/3/2018

Updated: 4/4/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Default credentials

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/name, SMB/transport, Settings/PCI_DSS

Excluded KB Items: SMB/not_windows, global_settings/supplied_logins_only, Settings/PCI_DSS_local_checks, SMB/any_login

Detections

Analytics