Default Password '5SaP9I26' for 'remotessh' Account

2017-09-01T00:00:00
ID ACCOUNT_REMOTESSH_5SAP9I26.NASL
Type nessus
Reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2017-09-01T00:00:00

Description

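The account 'remotessh' on the remote host has the default password '5SaP9I26'. A remote attacker can exploit this issue to gain administrative access to the affected system.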

                                        
                                            #TRUSTED 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
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Description mode: the scanner loads the script with 'description' set to
# collect plugin metadata. This branch only registers attributes and then
# exits, so no connection to the target is made from here.
if (description)
{
  script_id(102915);
  script_version("1.12");

  # Vulnerability references this finding is reported under.
  script_cve_id("CVE-2017-14115");
  script_bugtraq_id(100585);

  script_name(english:"Default Password '5SaP9I26' for 'remotessh' Account");
  script_summary(english:"Attempts to log into the remote host.");

  script_set_attribute(attribute:"synopsis", value:
"An administrative account on the remote host uses a known default
password.");
  script_set_attribute(attribute:"description", value:
"The account 'remotessh' on the remote host has the default password '5SaP9I26'.
A remote attacker can exploit this issue to gain administrative access
to the affected system.");
  script_set_attribute(attribute:"see_also", value:"https://www.nomotion.net/blog/sharknatto/");
  script_set_attribute(attribute:"solution", value:
"Change the password for this account or disable it.");
  # Severity vectors; cvss_score_source below attributes them to the CVE entry.
  # The v2 vector uses AC:M and the v3 vector AC:H, i.e. exploitation is rated
  # as needing more than plain network reachability.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-14115");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/01");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");

  # Remote check (no local credentials needed), tagged as a default-account finding.
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"default_account", value:"true");
  script_end_attributes();

  # Categorised as information gathering, but the check body below performs a
  # real password authentication attempt against the target, so expect a
  # login event for 'remotessh' in the target's authentication logs.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Default Unix Accounts");

  script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("find_service1.nasl", "ssh_detect.nasl", "account_check.nasl");
  # Keeps the plugin from being scheduled when the policy restricts scans to
  # operator-supplied logins; the body repeats this check at run time.
  script_exclude_keys("global_settings/supplied_logins_only");
  # NOTE(review): telnet (Services/telnet, 23) is listed here, but the check
  # body in this file only uses the SSH transport (kb_ssh_transport / sshlib).
  # A telnet-only exposure of this account would not be tested - confirm
  # whether that is intended.
  script_require_ports("Services/telnet", 23, "Services/ssh", 22);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("ssh_func.inc");
include("ssh_lib.inc");

# Check body: attempt one SSH password login as 'remotessh' with the known
# default password and report the host as vulnerable if the login succeeds.

# Global flag consumed outside this file - presumably tells the included SSH
# helpers not to emit their own reports while a default account is being
# probed; confirm against ssh_func.inc.
checking_default_account_dont_report = TRUE;

# Respect policies that only allow credentials supplied by the operator.
if (supplied_logins_only)
  audit(AUDIT_SUPPLIED_LOGINS_ONLY);

# Default-account probes only run when thorough tests or the
# "test all accounts" setting has been enabled.
if (!(thorough_tests || get_kb_item("Settings/test_all_accounts")))
  exit(0, "Neither thorough_tests nor 'Settings/test_all_accounts' is set.");

port = kb_ssh_transport();
default_creds = {"username":"remotessh", "password":"5SaP9I26"};

ssh_session = new("sshlib::session");
# NOTE(review): the result of open_connection() is not checked. If the
# connection cannot be opened, the login below presumably fails and the host
# is audited as "not affected", which reads as a clean result rather than
# "could not be tested" - confirm and consider auditing that case separately.
ssh_session.open_connection(port:port);
login_ok = ssh_session.login(method:"password", extra:default_creds);
# The session is closed straight after authentication; no command is run.
ssh_session.close_connection();

# NOTE(review): a successful password authentication is the only evidence
# used. A service that accepts arbitrary passwords would also be reported -
# verify whether a control login with a different password is warranted.
if (!login_ok)
  audit(AUDIT_HOST_NOT, "affected");
else
  security_report_v4(severity:SECURITY_HOLE, port:port, extra:"It was possible to login to the remote host using the default credentials of remotessh:5SaP9I26.");