Apache Cassandra Default Credentials

Critical (Nessus Plugin ID 144568)

Synopsis

Checks if Apache Cassandra is using default credentials.

Description

The remote host is running Apache Cassandra and is using default credentials. An unauthenticated, remote attacker can exploit this to gain privileged or administrator access to the system.

Solution

Change the default administrative login credentials.

Plugin Details

Severity: Critical

ID: 144568

File Name: apache_cassandra_default_credentials.nasl

Version: 1.1

Type: remote

Family: Databases

Published: 12/23/2020

Updated: 12/23/2020

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Default credentials

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:apache:cassandra

Required KB Items: installed_sw/Apache Cassandra

Excluded KB Items: global_settings/supplied_logins_only