Synopsis
A web application is protected using default credentials.
Description
The remote web server hosts the web interface for trixbox (or Asterisk@Home, as it was formerly known), a PBX application based on Asterisk.
The remote installation of this web interface has at least one account configured using default credentials. With this information, an attacker can gain administrative access to trixbox and, in turn, Asterisk.
Solution
Change the password for the 'maint' user using, for example, the 'passwd-maint' shell script.
Plugin Details
File Name: trixbox_maint_gui_default_creds.nasl
Configuration: Enable thorough checks
Supported Sensors: Nessus
Vulnerability Information
CPE: cpe:/a:fonality:trixbox
Required KB Items: www/PHP, www/trixbox
Excluded KB Items: global_settings/supplied_logins_only