Symantec Mail Security for SMTP Admin Center Default Credentials

high Nessus Plugin ID 24756

Language:

Synopsis

An application hosted on the remote web server is protected with default credentials.

Description

Symantec Mail Security for SMTP, which provides anti-spam and antivirus protection for the IIS SMTP Service, is installed on the remote Windows host.

The installation of SMS for SMTP on the remote host uses a default username / password combination to control access to its administrative control center. Knowing these, an attacker can gain control of the affected application.

Solution

Use the control center to add another administrator or alter the password for the 'admin' account.

Plugin Details

Severity: High

ID: 24756

File Name: sms_smtp_default_creds.nasl

Version: 1.19

Type: remote

Family: CGI abuses

Published: 3/5/2007

Updated: 1/19/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:symantec:mail_security

Excluded KB Items: global_settings/supplied_logins_only

Detections

Analytics