JBoss Administration Console Default Credentials

High severity, Nessus Plugin ID 47714

Synopsis

Access to the remote administration console is protected with default credentials.

Description

The JBoss Administration Console installed on the remote host uses the default username and password. Knowing these, an attacker can gain administrative control of the affected application.

Solution

Change the default credentials for the administration console.

Plugin Details

Severity: High

ID: 47714

File Name: jboss_default_credentials.nasl

Version: 1.11

Type: remote

Family: Web Servers

Published: 7/14/2010

Updated: 12/22/2020

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score based on analysis of the vendor advisory.

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: manual

Vulnerability Information

CPE: cpe:/a:jboss:jboss

Required KB Items: www/jboss

Excluded KB Items: global_settings/supplied_logins_only