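It was possible to log in to the remote Web Application using default credentials.
As the VT 'HTTP Brute Force Logins With Default Credentials' (OID: 1.3.6.1.4.1.25623.1.0.108041) might run into a timeout, the actual reporting of this vulnerability takes place in this VT instead. The script preference 'Report timeout' controls whether such a timeout is reported. Solution: change the password as soon as possible.
Note: the record's top-level "cvss" field shows a score of 0.0 (vector NONE), while the plugin source embedded in "sourceData" rates the finding at cvss_base 9.0 (AV:N/AC:L/Au:N/C:C/I:P/A:P); use the plugin's own rating when triaging.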
{"id": "OPENVAS:1361412562310103240", "vendorId": null, "type": "openvas", "bulletinFamily": "scanner", "title": "HTTP Brute Force Logins With Default Credentials Reporting", "description": "It was possible to login into the remote Web Application using default credentials.\n\n As the VT ", "published": "2017-01-06T00:00:00", "modified": "2020-05-08T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103240", "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2020-05-12T17:03:06", "viewCount": 1048, "enchantments": {"dependencies": {}, "score": {"value": -0.2, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.2}, "_state": {"dependencies": 1678915652, "score": 1678914494, "epss": 1678933836}, "_internal": {"score_hash": "f7f0f9464e88892f3238c953140198e5"}, "pluginID": "1361412562310103240", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HTTP Brute Force Logins With Default Credentials Reporting\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103240\");\n script_version(\"2020-05-08T08:34:44+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-01-06 13:47:00 +0100 (Fri, 06 Jan 2017)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:P/A:P\");\n script_name(\"HTTP Brute Force Logins With Default Credentials Reporting\");\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_category(ACT_END);\n script_family(\"Brute force attacks\");\n script_dependencies(\"default_http_auth_credentials.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"default_http_auth_credentials/started\");\n\n script_add_preference(name:\"Report timeout\", type:\"checkbox\", value:\"no\", id:1);\n\n script_tag(name:\"summary\", value:\"It was possible to login into the remote Web Application using default credentials.\n\n As the VT 'HTTP Brute Force Logins With Default Credentials' (OID: 1.3.6.1.4.1.25623.1.0.108041) might run into a\n timeout the actual reporting of this vulnerability takes place in this VT instead. 
The script preference 'Report timeout'\n allows you to configure if such an timeout is reported.\");\n\n script_tag(name:\"solution\", value:\"Change the password as soon as possible.\");\n\n script_tag(name:\"vuldetect\", value:\"Reports default credentials detected by the VT 'HTTP Brute Force Logins With Default Credentials'\n (OID: 1.3.6.1.4.1.25623.1.0.108041).\");\n\n script_tag(name:\"solution_type\", value:\"Mitigation\");\n script_tag(name:\"qod_type\", value:\"remote_active\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"http_func.inc\");\n\nport = http_get_port( default:80 );\n\ncredentials = get_kb_list( \"default_http_auth_credentials/\" + port + \"/credentials\" );\n\nif( ! isnull( credentials ) ) {\n\n report = 'It was possible to login with the following credentials <Url>:<User>:<Password>:<HTTP status code>\\n\\n';\n\n # Sort to not report changes on delta reports if just the order is different\n credentials = sort( credentials );\n\n foreach credential( credentials ) {\n url_user_pass = split( credential, sep:\"#-#\", keep:FALSE );\n report += http_report_vuln_url( port:port, url:url_user_pass[0], url_only:TRUE ) + \":\" + url_user_pass[1] + '\\n';\n vuln = TRUE;\n }\n}\n\nreportTimeout = script_get_preference( \"Report timeout\", id:1 );\nif( reportTimeout == \"yes\" ) {\n if( ! get_kb_item( \"default_http_auth_credentials/\" + port + \"/no_timeout\" ) ) {\n timeoutReport = \"A timeout happened during the test for default logins. \" +\n \"Consider raising the script_timeout value of the VT \" +\n \"'HTTP Brute Force Logins With Default Credentials' \" +\n \"(OID: 1.3.6.1.4.1.25623.1.0.108041).\";\n log_message( port:port, data:timeoutReport );\n }\n}\n\nif( vuln ) {\n c = get_kb_item( \"default_http_auth_credentials/\" + port + \"/too_many_logins\" );\n if( c ) {\n report += '\\nRemote host accept more than ' + c + ' logins. 
This could indicate some error or some \"broken\" web application.\\nScanner stops testing for default logins at this point.';\n log_message( port:port, data:report );\n exit( 0 );\n }\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "naslFamily": "Brute force attacks"}