Apache ActiveMQ Web Console Default Credentials

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(81375);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/05");

  script_name(english:"Apache ActiveMQ Web Console Default Credentials");

  script_set_attribute(attribute:"synopsis", value:
"A web application administrative console is protected using default
credentials.");
  script_set_attribute(attribute:"description", value:
"ActiveMQ Web Console, an administrative interface for Apache ActiveMQ,
is protected using default credentials. Note that no authentication
mechanism was provided prior to version 5.4.0. However, in version
5.4.0, HTTP Basic Authentication was an option, and starting with
version 5.8.0, this was enabled by default.");
  script_set_attribute(attribute:"see_also", value:"http://activemq.apache.org/web-console.html");
  script_set_attribute(attribute:"see_also", value:"http://activemq.apache.org/getting-started.html");
  script_set_attribute(attribute:"solution", value:
"Restrict access to ActiveMQ Web Console, using one of the methods
described at the referenced URLs, or change the default login
credentials.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"cvss_score_source", value:"manual");
  script_set_attribute(attribute:"cvss_score_rationale", value:"Score based on internal evaluation of the vulnerability by Tenable.");

  script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/16");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:activemq");
  script_set_attribute(attribute:"default_account", value:"true");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2015-2024 Tenable Network Security, Inc.");

  script_dependencies("activemq_web_console_detect.nasl");
  script_require_keys("installed_sw/Apache ActiveMQ");
  script_exclude_keys("Settings/disable_cgi_scanning", "global_settings/supplied_logins_only");
  script_require_ports("Services/www", 8161);

  exit(0);
}

include("http.inc");
include("install_func.inc");

var app = 'Apache ActiveMQ';
get_install_count(app_name:app, exit_if_zero:TRUE);

var port = get_http_port(default:8161);

var install = get_single_install(
  app_name : app,
  port     : port
);

var dir = install['path'];
var install_url = build_url(port:port, qs:dir);

if (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);

clear_cookiejar();

var user = "admin";
var pass = "admin";
var info, report;

var res = http_send_recv3(
  method       : "GET",
  item         : "/admin/",
  port         : port,
  username     : user,
  password     : pass,
  exit_on_fail : TRUE
);

if ( ('ActiveMQ Console</title>' >< res[2]) &&
   (ereg(
      pattern : 'Welcome to the (Apache )?ActiveMQ Console',
      string  : res[2],
      multiline : TRUE
  ))
)
{
  info +=
    '\n  Username : ' + user +
    '\n  Password : ' + pass + '\n';

  if (report_verbosity > 0)
  {
    report = '\n' +
      'Nessus was able to gain access using the following URL :\n' +
      '\n' +
      '  ' + install_url + '\n' +
      '\n' +
      'and the following set of credentials :\n' +
      info;
      security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url);