Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ACCOUNT_ROOT_ARCSIGHT.NASL
HistoryAug 05, 2013 - 12:00 a.m.

Default Password (arcsight) for 'root' Account

2013-08-0500:00:00
This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
3011
JSON

The account ‘root’ on the remote host has the password ‘arcsight’.

An attacker may leverage this issue to gain total control of the affected system.

Note that some network devices are known to use these credentials by default.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

account = "root";
password = "arcsight";

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(69443);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-1999-0502");

  script_name(english:"Default Password (arcsight) for 'root' Account");

  script_set_attribute(attribute:"synopsis", value:
"An account on the remote host uses a known default password.");
  script_set_attribute(attribute:"description", value:
"The account 'root' on the remote host has the password 'arcsight'. 

An attacker may leverage this issue to gain total control of the
affected system.

Note that some network devices are known to use these credentials by
default.");
  # http://www8.hp.com/us/en/software-solutions/software.html?compURI=1314386#.UfvZaWQ6VX8
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ee89d059");
  script_set_attribute(attribute:"solution", value:
"Set a strong password for this account or disable it.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-1999-0502");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'SSH User Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/05");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:arcsight_logger");
  script_set_attribute(attribute:"default_account", value:"true");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Default Unix Accounts");

  script_copyright(english:"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_detect.nasl", "account_check.nasl", "telnetserver_detect_type_nd_version.nasl");
  script_exclude_keys("global_settings/supplied_logins_only");
  script_require_ports("Services/telnet", 23, "Services/ssh", 22);

  exit(0);
}

#
# The script code starts here : 
#
include("audit.inc");
include("default_account.inc");
include("global_settings.inc");

if (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);

if (! thorough_tests && ! get_kb_item("Settings/test_all_accounts"))
 exit(0, "Neither thorough_tests nor 'Settings/test_all_accounts' is set.");

affected = FALSE;
ssh_ports = get_service_port_list(svc: "ssh", default:22);
foreach port (ssh_ports)
{
  port = check_account(login:account, password:password, port:port, svc:"ssh");
  if (port)
  {
    affected = TRUE;
    security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());
  }
}
if(affected) exit(0);

telnet_ports = get_service_port_list(svc: "telnet", default:23);
foreach port (telnet_ports)
{
  port = check_account(login:account, password:password, port:port, svc:"telnet");
  if (port)
  {
    affected = TRUE;
    security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());
  }
}
if(!affected) audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
hparcsight_loggercpe:/a:hp:arcsight_logger

Related

nessus 161
openvas 24
saint 4
zdt 3
packetstorm 2
cve 1
rapid7community 1
threatpost 1
nessus
nessus
Unpassworded 'toor' Account
2003-02-20 00:00:00
Unpassworded 'EZsetup' Account
2003-02-20 00:00:00
Default Password 'ubnt' for 'ubnt' Account
2016-10-28 00:00:00
openvas
openvas
MPEi/X Default Accounts
2005-11-03 00:00:00
Unpassworded 'bash' account
2005-11-03 00:00:00
Unpassworded 'help' account (SSH/Telnet)
2005-11-03 00:00:00
saint
saint
SSH password weakness
2011-01-05 00:00:00
SSH password weakness
2011-01-05 00:00:00
SSH password weakness
2011-01-05 00:00:00
zdt
zdt
SSH User Code Execution Vulnerability
2013-05-16 00:00:00
SSH - User Code Execution Exploit
2017-03-23 00:00:00
Varnish Cache CLI Interface Remote Code Execution Exploit
2014-12-21 00:00:00
packetstorm
packetstorm
SSH User Code Execution
2013-05-15 00:00:00
Varnish Cache CLI Interface Remote Code Execution
2014-12-20 00:00:00
cve
cve
CVE-1999-0502
1998-03-01 05:00:00
rapid7community
rapid7community
Metasploit Wrapup
2017-08-07 13:34:12
threatpost
threatpost
New Mirai Variant Roars into Action With 54 Hour DDoS Attacks
2017-03-30 14:50:51
JSON
Related for ACCOUNT_ROOT_ARCSIGHT.NASL
nessus161openvas24saint4zdt3packetstorm2cve1rapid7community1threatpost1