Synopsis
The remote host has a web-enabled management application that uses default login credentials.
Description
The Compaq Web-based Management / HP System Management Agent active on the remote host is configured with the default, or a predictable, administrator password. Depending on the agents integrated, this allows an attacker to view sensitive and verbose system information, and may even allow more active attacks such as rebooting the remote system. Furthermore, if an SNMP agent is configured on the remote host, it may disclose the SNMP community strings in use, allowing an attacker to set device configuration if the 'write' community string is uncovered.
Solution
Set a strong password for the administrator account.
Plugin Details
File Name: compaq_web_mgmt_password.nasl
Configuration: Enable thorough checks
Supported Sensors: Nessus
Vulnerability Information
Excluded KB Items: global_settings/supplied_logins_only
Vulnerability Publication Date: 1/15/2004