Synopsis
The remote web portal is protected with default credentials.
Description
The remote host is running Plumtree portal, a corporate web portal.
The remote installation of the Plumtree portal is configured to use default credentials to control administrative access. Knowing these, an attacker can gain control of the affected application.
Solution
Assign a password to the 'Administrator' account.
Plugin Details
File Name: plumtree_portal_default_creds.nasl
Supported Sensors: Nessus
Vulnerability Information
Excluded KB Items: Settings/disable_cgi_scanning, global_settings/supplied_logins_only