Detections
Analytics

Apache ActiveMQ Web Console Default Credentials

high Nessus Plugin ID 81375

Language:

Synopsis

A web application administrative console is protected using default credentials.

Description

ActiveMQ Web Console, an administrative interface for Apache ActiveMQ, is protected using default credentials. Note that no authentication mechanism was provided prior to version 5.4.0. However, in version 5.4.0, HTTP Basic Authentication was an option, and starting with version 5.8.0, this was enabled by default.

Solution

Restrict access to ActiveMQ Web Console, using one of the methods described at the referenced URLs, or change the default login credentials.

See Also

http://activemq.apache.org/web-console.html

http://activemq.apache.org/getting-started.html

Plugin Details

Severity: High

ID: 81375

File Name: activemq_web_console_default_creds.nasl

Version: 1.6

Type: remote

Family: CGI abuses

Published: 2/16/2015

Updated: 6/5/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

CVSS Score Rationale: Score based on internal evaluation of the vulnerability by tenable.

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: manual

Vulnerability Information

CPE: cpe:/a:apache:activemq

Required KB Items: installed_sw/Apache ActiveMQ

Excluded KB Items: Settings/disable_cgi_scanning, global_settings/supplied_logins_only