Detections
Analytics
Silex USB Device Server Web Configuration Page Empty Password
critical Nessus Plugin ID 72885
Language:
Synopsis
The remote web service is protected using an empty password.Description
The Web Configuration Page of the remote Silex USB Device Server uses an empty password to manage the device. Knowing this, an attacker with access to the web server can gain administrative access to the device.Note that the device's Web Configuration Page uses host-based authentication. If a login has already been established from the same host as the scanner, this plugin will not be able to test for the credentials.
Note also that the service supports only one session at a time. Any login attempts from a different host while a session is active will fail, even when the credentials are valid, which will result in false negatives.
Solution
Assign a strong password.Plugin Details
Severity: Critical
ID: 72885
File Name: silex_web_configuration_default_creds.nasl
Version: 1.4
Type: remote
Family: CGI abuses
Published: 3/7/2014
Updated: 1/19/2021
Supported Sensors: Nessus
Vulnerability Information
CPE: x-cpe:/a:silex:web_configuration_page
Excluded KB Items: global_settings/supplied_logins_only