Synopsis
The remote web application is protected using default credentials.
Description
The remote host is running the VICIDIAL Call Center Suite, a set of programs for Asterisk that act as a complete call center suite.
The remote installation of VICIDIAL is configured to use default credentials to control administrative access. Knowing these, an attacker can gain administrative control of the affected application.
Solution
Change the password for the admin user.
Plugin Details
File Name: vicidial_default_admin_creds.nasl
Supported Sensors: Nessus
Vulnerability Information
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning, global_settings/supplied_logins_only