Lucene search
K

Blue Coat Reporter Default Password (admin) for 'admin' Account

🗓️ 06 Oct 2008 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 912 Views

Blue Coat Reporter Default Passwor

Code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if (description)
{
  script_id(34346);
  script_version("$Revision: 1.8 $");
  script_cvs_date("$Date: 2013/01/25 01:19:07 $");

  script_name(english: "Blue Coat Reporter Default Password (admin) for 'admin' Account");
  script_summary(english: "Tries to log into Blue Coat Reporter as admin/admin");
 
 script_set_attribute(attribute:"synopsis", value:
"The administrative password for the remote web service can be guessed." );
 script_set_attribute(attribute:"description", value:
"Nessus could gain administrative access to the Blue Coat Reporter
install on the remote host using 'admin' for both the username and
password." );
 script_set_attribute(attribute:"solution", value:
"Change the admin password." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_attribute(attribute:"plugin_publication_date", value: "2008/10/06");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");
  script_copyright(english:"This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.");
  script_dependencies("http_version.nasl", "bluecoat_reporter.nasl");
  script_require_ports("Services/www", 8987);
  script_require_keys("www/BCReport");
  exit(0);
}

#
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");


port = get_http_port(default:8987);

banner = get_http_banner(port: port);
if (! banner ||
    ! egrep(string: banner, pattern: '^Server:[ \t]*BCReport/')) exit(0);

# Go to / to grab a cookie
r = http_send_recv3(port: port, method: 'GET', item: "/");
if (isnull(r)) exit(0);
# No need to test the Server field again here.

cmd = 'volatile.authentication_failed=true&volatile.login=true&webvars.username=admin&webvars.password=admin';

r = http_send_recv3(port: port, method: 'POST', item: '/', data: cmd, 
 add_headers: make_array('Content-Type', 'application/x-www-form-urlencoded') );
if (isnull(r) || ">Invalid username or password.<" >< r[2]) exit(0);

# hash=MD5("admin")
if (egrep(string: r[1], pattern: '^Set-Cookie:[ \t]*authpassword7=21232f297a57a5a743894a0e4a801fc3;'))
 security_hole(port);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

25 Jan 2013 01:19Current
5.5Medium risk
Vulners AI Score5.5
912