TYPO3 Default Credentials

high Nessus Plugin ID 44118

Language:

Synopsis

The remote web application uses default credentials.

Description

It is possible to log into the remote TYPO3 installation by providing the default credentials. A remote attacker can exploit this to gain administrative control of the TYPO3 installation.

Solution

Secure the admin account with a strong password.

Plugin Details

Severity: High

ID: 44118

File Name: typo3_default_creds.nasl

Version: 1.12

Type: remote

Family: CGI abuses

Published: 1/22/2010

Updated: 6/5/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Vulnerability Information

CPE: cpe:/a:typo3:typo3

Required KB Items: www/PHP, installed_sw/TYPO3

Excluded KB Items: Settings/disable_cgi_scanning, global_settings/supplied_logins_only

Detections

Analytics