TaskFreak! Default Credentials

high Nessus Plugin ID 46224

Synopsis

The remote web server hosts a web application that uses default credentials.

Description

The installation of TaskFreak! hosted on the remote web server uses the default username and password to control access to its administrative console.

Knowing these, an attacker can gain control of the affected application.

Solution

Log in via the administrative interface and change the password for the 'Admin' account.

Plugin Details

Severity: High

ID: 46224

File Name: taskfreak_default_creds.nasl

Version: 1.12

Type: remote

Family: CGI abuses

Published: 5/3/2010

Updated: 4/18/2023

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score from an analysis done by Tenable

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: manual

CVSS v3

Risk Factor: High

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vulnerability Information

Required KB Items: www/taskfreak

Excluded KB Items: global_settings/supplied_logins_only

Exploit Ease: No exploit is required