Grafana Labs WebUI Default Credentials

critical Nessus Plugin ID 181464

Synopsis

The remote web server contains an application that is protected using default administrator credentials.

Description

The version of Grafana Labs hosted on the remote web server uses a default set of credentials for the default administrator account. A remote attacker can exploit this to gain administrative access to the application.

Solution

Change the default admin login credentials.

See Also

http://www.nessus.org/u?14409426

Plugin Details

Severity: Critical

ID: 181464

File Name: grafana_labs_webui_default_creds.nbin

Version: 1.21

Type: remote

Family: CGI abuses

Published: 9/15/2023

Updated: 11/22/2024

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Tenable score for default admin credentials.

CVSS v2

Risk Factor: High

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:grafana:grafana

Required KB Items: installed_sw/Grafana Labs

Excluded KB Items: global_settings/supplied_logins_only