Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2002-2018 Digital Defense IncorporatedDDI_LANROVER_BLANK_PASSWORD.NASL
HistoryJun 05, 2002 - 12:00 a.m.

Shiva LanRover Blank Password

2002-06-0500:00:00
This script is Copyright (C) 2002-2018 Digital Defense Incorporated
www.tenable.com
23
JSON

The Shiva LanRover has no password set for the root user account. An attacker is able to telnet to this system and gain access to any phone lines attached to this device.

Additionally, the LanRover can be used as a relay point for further attacks via the telnet and rlogin functionality available from the administration shell.

#
# This script was written by H D Moore <[email protected]>
#
# See the Nessus Scripts License for details
#

include("compat.inc");

if(description)
{
 script_id(10998);
 script_version ("1.11");
 script_cvs_date("Date: 2018/08/09 17:06:37");

 script_cve_id("CVE-1999-0508");
 
 script_name(english:"Shiva LanRover Blank Password");
 script_summary(english:"Checks for a blank password for the root account");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote network device does not use an administrative password.");
 script_set_attribute(attribute:"description", value:
"The Shiva LanRover has no password set for the root user account.  An
attacker is able to telnet to this system and gain access to any phone
lines attached to this device.  

Additionally, the LanRover can be used as a relay point for further
attacks via the telnet and rlogin functionality available from the
administration shell.");
 script_set_attribute(attribute:"solution", value:
"Telnet to this device and change the password for the root account via
the passwd command.  Please ensure any other accounts have strong
passwords set.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'SNMP Community Scanner');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value:
"2002/06/05");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();
 
 script_category(ACT_GATHER_INFO);
 
 script_copyright(english:"This script is Copyright (C) 2002-2018 Digital Defense Incorporated");

 script_family(english:"Misc.");
 script_dependencie("find_service1.nasl");
 script_require_ports("Services/telnet", 23);
 exit(0);
}

include('telnet_func.inc');
port = 23;
if(!get_port_state(port))exit(0);

banner = get_telnet_banner(port:port);
if ( ! banner || "@ Userid:" >!< r ) exit(0);

soc = open_sock_tcp(port);

if(soc)
{
    r = telnet_negotiate(socket:soc);

    if("@ Userid:" >< r)
    { 
        send(socket:soc, data:string("root\r\n"));
        r = recv(socket:soc, length:4096);
        
        if("Password?" >< r)
        {
            send(socket:soc, data:string("\r\n"));
            r = recv(socket:soc, length:4096);

            if ("Shiva LanRover" >< r)
            {
                security_hole(port:port);
            }
       }
    }
    close(soc);
}

Related

nessus 24
openvas 36
cve 1
nessus
nessus
Cayman DSL Router Unauthenticated Access
2000-03-12 00:00:00
Bay Networks Accelar 1200 Switch Default Password (password) for 'usrname' Account
2005-06-03 00:00:00
3Com Superstack 3 Switch Multiple Default Accounts
2001-08-29 00:00:00
openvas
openvas
Enhydra Multiserver Default Password
2005-11-03 00:00:00
WhatsUp Gold Default Admin Account
2005-11-03 00:00:00
Shiva LanRover Blank Password
2005-11-03 00:00:00
cve
cve
CVE-1999-0508
1998-06-01 04:00:00
JSON
Related for DDI_LANROVER_BLANK_PASSWORD.NASL
nessus24openvas36cve1