Apache CouchDB Unauthenticated Administrative Access

high Nessus Plugin ID 45434

Synopsis

The remote database server allows administrative access without authentication.

Description

Nessus was able to perform administrative actions on the remote CouchDB server without providing authentication. A remote attacker could exploit this to take control of the CouchDB server.

Solution

Secure the CouchDB installation with an administrative account.

See Also

http://books.couchdb.org/relax/reference/security

Plugin Details

Severity: High

ID: 45434

File Name: couchdb_admin_access.nasl

Version: Revision: 1.7

Type: remote

Family: Databases

Published: 4/7/2010

Updated: 12/1/2017

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:apache:couchdb

Required KB Items: www/couchdb

Exploited by Nessus: true