Synopsis
The remote database service is using default credentials.
Description
The installation of HSQLDB on the remote host has the default 'sa' account enabled without a password. An attacker may use this flaw to execute commands against the remote host, as well as read any data it might contain.
Solution
Disable this account or assign a password to it. In addition, it is suggested that you filter incoming traffic to this port.
Plugin Details
File Name: hsqldb_default_creds.nasl
Configuration: Enable thorough checks
Supported Sensors: Nessus
Vulnerability Information
CPE: x-cpe:/a:hsqldb:hsqldb
Excluded KB Items: global_settings/supplied_logins_only