Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ACCOUNT_ROOT_OPENELEC.NASL
HistoryJan 28, 2013 - 12:00 a.m.

Default Password (openelec) for 'root' Account

2013-01-2800:00:00
This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
82
JSON

The account ‘root’ on the remote host has the password ‘openelec’.

An attacker can exploit this issue to gain full access to the affected system.

Note that a version of Linux optimized for Raspberry Pi ARM computers is known to use these credentials by default.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

account = "root";
password = "openelec";

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(64261);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-1999-0502");
  script_xref(name:"CERT", value:"544527");

  script_name(english:"Default Password (openelec) for 'root' Account");

  script_set_attribute(attribute:"synopsis", value:
"The remote system can be accessed with a default password.");
  script_set_attribute(attribute:"description", value:
"The account 'root' on the remote host has the password 'openelec'. 

An attacker can exploit this issue to gain full access to the affected
system. 

Note that a version of Linux optimized for Raspberry Pi ARM computers
is known to use these credentials by default.");
  # http://wiki.openelec.tv/index.php?title=OpenELEC_FAQ#SSH_Password_change
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2d8f5196");
  script_set_attribute(attribute:"see_also", value:"https://github.com/RasPlex/RasPlex/issues/453");
  script_set_attribute(attribute:"solution", value:
"Set a strong password for this account, or use ACLs to restrict access
to the host.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:TF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:T/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-1999-0502");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'SSH User Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/28");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"default_account", value:"true");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Default Unix Accounts");

  script_copyright(english:"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_detect.nasl", "account_check.nasl", "telnetserver_detect_type_nd_version.nasl");
  script_exclude_keys("global_settings/supplied_logins_only");
  script_require_ports("Services/telnet", 23, "Services/ssh", 22);

  exit(0);
}

include("audit.inc");
include("default_account.inc");
include("global_settings.inc");

if (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);

if (! thorough_tests && ! get_kb_item("Settings/test_all_accounts"))
 exit(0, "Neither thorough_tests nor 'Settings/test_all_accounts' is set.");

affected = FALSE;
ssh_ports = get_service_port_list(svc: "ssh", default:22);
foreach port (ssh_ports)
{
  port = check_account(login:account, password:password, port:port, svc:"ssh");
  if (port)
  {
    affected = TRUE;
    security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());
  }
}
if(affected) exit(0);

telnet_ports = get_service_port_list(svc: "telnet", default:23);
foreach port (telnet_ports)
{
  port = check_account(login:account, password:password, port:port, svc:"telnet");
  if (port)
  {
    affected = TRUE;
    security_report_v4(port:port, severity:SECURITY_HOLE, extra:default_account_report());
  }
}
if(!affected) audit(AUDIT_HOST_NOT, "affected");

Related

nessus 161
openvas 24
cve 1
saint 4
packetstorm 2
zdt 3
rapid7community 1
threatpost 1
nessus
nessus
Default Password (manager) for 'system' Account
2003-02-20 00:00:00
Default Password '1234' for 'admin' Account
2016-10-28 00:00:00
Default Password '12345' for 'guest' Account
2016-10-28 00:00:00
openvas
openvas
Unpassworded 'help' account (SSH/Telnet)
2005-11-03 00:00:00
MPEi/X Default Accounts
2005-11-03 00:00:00
Unpassworded 'bash' account
2005-11-03 00:00:00
cve
cve
CVE-1999-0502
1998-03-01 05:00:00
saint
saint
SSH password weakness
2011-01-05 00:00:00
SSH password weakness
2011-01-05 00:00:00
SSH password weakness
2011-01-05 00:00:00
packetstorm
packetstorm
SSH User Code Execution
2013-05-15 00:00:00
Varnish Cache CLI Interface Remote Code Execution
2014-12-20 00:00:00
zdt
zdt
SSH - User Code Execution Exploit
2017-03-23 00:00:00
SSH User Code Execution Vulnerability
2013-05-16 00:00:00
Varnish Cache CLI Interface Remote Code Execution Exploit
2014-12-21 00:00:00
rapid7community
rapid7community
Metasploit Wrapup
2017-08-07 13:34:12
threatpost
threatpost
New Mirai Variant Roars into Action With 54 Hour DDoS Attacks
2017-03-30 14:50:51
JSON
Related for ACCOUNT_ROOT_OPENELEC.NASL
nessus161openvas24cve1saint4packetstorm2zdt3rapid7community1threatpost1