Citrix NetScaler Management and Analytics System Default Administrator Credentials

high Nessus Plugin ID 118086

Synopsis

A web application is protected using default administrative credentials.

Description

The remote Citrix NetScaler Management and Analytics System (MAS) uses a default password ('nsroot') for the administrator account ('nsroot').

With this information, an attacker can gain complete administrative access to the Citrix NetScaler appliance.

Solution

Change the default administrative login credentials for nsroot.

See Also

http://www.nessus.org/u?74336bf9

Plugin Details

Severity: High

ID: 118086

File Name: netscaler_mas_web_default_creds.nasl

Version: 1.3

Type: remote

Family: Web Servers

Published: 10/12/2018

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Default credentials

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: manual

CVSS v3

Risk Factor: High

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vulnerability Information

CPE: cpe:/a:citrix:netscaler

Excluded KB Items: global_settings/supplied_logins_only