Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2000-2018 Stefaan Van DoorenSHIVA_DEFAULT_PASS.NASL
HistoryAug 31, 2000 - 12:00 a.m.

Shiva Integrator Default Password

2000-08-3100:00:00
This script is Copyright (C) 2000-2018 Stefaan Van Dooren
www.tenable.com
29
JSON

The remote Shiva router uses the default password. This means that anyone who has (downloaded) a user manual can telnet to it and reconfigure it to lock you out of it, and to prevent you to use your internet connection.

#
# This script was written by Stefaan Van Dooren <[email protected]>
#
# See the Nessus Scripts License for details
#
# Changes by Tenable
# - only attempt to login if the policy allows it (10/25/11 and  6/2015)
# - Updated to use compat.inc, added CVSS score (11/20/2009)
# - Updated to use global_settings.inc (6/2015)


include("compat.inc");

if (description)
{
  script_id(10500);
  script_version ("1.15");
  script_cvs_date("Date: 2018/08/13 14:32:36");

  script_cve_id("CVE-1999-0508");

  script_name(english:"Shiva Integrator Default Password");
  script_summary(english:"Attempts to log in to the remote host.");

  script_set_attribute(attribute:"synopsis", value:
"The remote router can be accessed with default credentials.");
  script_set_attribute(attribute:"description", value:
"The remote Shiva router uses the default password. 
This means that anyone who has (downloaded) a user manual can 
telnet to it and reconfigure it to lock you out of it, and to 
prevent you to use your internet connection.");
  script_set_attribute(attribute:"solution", value:
"telnet to this router and set a different password immediately." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'SNMP Community Scanner');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2002/09/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2000/08/31");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
 
  script_copyright(english:"This script is Copyright (C) 2000-2018 Stefaan Van Dooren");

  script_require_ports(23);
  script_exclude_keys("global_settings/supplied_logins_only");
 
  exit(0);
}

#
# The script code starts here
#
include("global_settings.inc");

port = 23;
if(get_port_state(port))
{
	if (supplied_logins_only) exit(0, "Policy is configured to prevent trying default user accounts");
	soc = open_sock_tcp(port);
	if(soc)
	{
		data = string("hello\n\r");
		send(data:data, socket:soc);
		buf = recv(socket:soc, length:4096);
		if ("ntering privileged mode" >< buf)
			security_hole(port);
		close(soc);
	}
}

Related

nessus 24
openvas 36
cve 1
cvelist 1
nessus
nessus
Shiva LanRover Blank Password
2002-06-05 00:00:00
Cayman DSL Router Unauthenticated Access
2000-03-12 00:00:00
Bay Networks Accelar 1200 Switch Default Password (password) for 'usrname' Account
2005-06-03 00:00:00
openvas
openvas
Enhydra Multiserver Default Password
2005-11-03 00:00:00
WhatsUp Gold Default Admin Account
2005-11-03 00:00:00
Shiva LanRover Blank Password
2005-11-03 00:00:00
cve
cve
CVE-1999-0508
1998-06-01 04:00:00
cvelist
cvelist
CVE-1999-0508
2000-02-04 05:00:00
JSON
Related for SHIVA_DEFAULT_PASS.NASL
nessus24openvas36cve1cvelist1