Detections
Analytics
TextPortal Default Passwords
high Nessus Plugin ID 11660
Language:
Synopsis
Default administrator passwords have not been changed.Description
The remote host is running the TextPortal content management interface.This set of scripts come with two default administrator passwords :
- admin
- 12345
At least one of these two passwords is still set. An attacker could use them to edit the content of the remote website.
Solution
Edit admin_pass.php and change the passwords of these users.Plugin Details
Severity: High
ID: 11660
File Name: textportal_default_password.nasl
Version: 1.21
Type: remote
Family: CGI abuses
Published: 5/28/2003
Updated: 4/18/2023
Supported Sensors: Nessus
Risk Information
CVSS Score Rationale: Score from an analysis done by tenable
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: manual
CVSS v3
Risk Factor: High
Base Score: 7.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Information
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning, global_settings/supplied_logins_only
Exploit Ease: No exploit is required
Vulnerability Publication Date: 5/24/2003
Reference Information
BID: 7673