Default Password for FTP 'admin' Account

Critical | Nessus Plugin ID 11539

Synopsis

The remote router uses default credentials.

Description

The account 'admin' on the remote FTP server has the password 'password'. An attacker may leverage this to gain access to the affected system and launch further attacks against it.

If the remote host is an NB1300 router, this would allow an attacker to steal the WAN credentials of the user, or even to reconfigure the router remotely.

Solution

Change the admin password on this host.

See Also

https://seclists.org/bugtraq/2003/Apr/209

Plugin Details

Severity: Critical

ID: 11539

File Name: ftp_nb1300_router.nasl

Version: 1.25

Type: remote

Family: FTP

Published: 4/15/2003

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 7359