Synopsis
The remote web application can be accessed without authentication.
Description
Basic Analysis and Security Engine (BASE) is installed on the remote system, and the web application can be accessed without any authentication. This allows anyone not only to browse anomalous network traffic but also to obtain detailed information about the underlying OS, the installed version of PHP, and the database being used. An attacker could leverage this information to launch other attacks against the system.
Solution
Configure the application to require authentication.
Plugin Details
File Name: base_noauth.nasl
Configuration: Enable thorough checks (optional)
Supported Sensors: Nessus
Vulnerability Information
CPE: cpe:/a:secureideas:basic_analysis_and_security_engine
Excluded KB Items: Settings/disable_cgi_scanning