Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2005 Charles ThierOPENVAS:136141256231018414
HistoryNov 03, 2005 - 12:00 a.m.

Allied Telesyn Router/Switch Default Credentials (Telnet)

2005-11-0300:00:00
Copyright (C) 2005 Charles Thier
plugins.openvas.org
61

AI Score

9.7

Confidence

High

EPSS

0.015

Percentile

87.0%

JSON

The Allied Telesyn Router/Switch has the default password set.

# SPDX-FileCopyrightText: 2005 Charles Thier
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.18414");
  script_version("2023-06-22T10:34:15+0000");
  script_tag(name:"last_modification", value:"2023-06-22 10:34:15 +0000 (Thu, 22 Jun 2023)");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_cve_id("CVE-1999-0507", "CVE-1999-0508");
  script_name("Allied Telesyn Router/Switch Default Credentials (Telnet)");
  script_category(ACT_ATTACK);
  script_copyright("Copyright (C) 2005 Charles Thier");
  script_family("Default Accounts");
  script_dependencies("telnetserver_detect_type_nd_version.nasl", "gb_default_credentials_options.nasl");
  script_require_ports("Services/telnet", 23);
  script_mandatory_keys("telnet/allied/telesyn/detected");
  script_exclude_keys("default_credentials/disable_default_account_checks");

  script_add_preference(name:"Use complete password list (not only vendor specific passwords)", type:"checkbox", value:"no", id:1);

  script_tag(name:"solution", value:"Telnet to this Router/Switch and change the default password.");

  script_tag(name:"summary", value:"The Allied Telesyn Router/Switch has the default password set.");

  script_tag(name:"impact", value:"The attacker could use this default password to gain remote access
  to your switch or router.  This password could also be potentially used to
  gain other sensitive information about your network from the device.");

  script_tag(name:"solution_type", value:"Mitigation");
  script_tag(name:"qod_type", value:"remote_vul");

  exit(0);
}

include("telnet_func.inc");
include("default_credentials.inc");
include("misc_func.inc");
include("port_service_func.inc");
include("dump.inc");

# If optimize_test = no
if( get_kb_item( "default_credentials/disable_default_account_checks" ) )
  exit( 0 );

port = telnet_get_port( default:23 );
banner = telnet_get_banner( port:port );
if( ! banner || "TELNET session" >!< banner )
  exit( 0 );

p = script_get_preference("Use complete password list (not only vendor specific passwords)");
if( "yes" >< p ) {
  clist = try();
} else {
  clist = try( vendor:"allied" );
}
if( ! clist ) exit( 0 );

foreach credential( clist ) {

  # Handling of user uploaded credentials which requires to escape a ';' or ':'
  # in the user/password so it doesn't interfere with our splitting below.
  credential = str_replace( string:credential, find:"\;", replace:"#sem_legacy#" );
  credential = str_replace( string:credential, find:"\:", replace:"#sem_new#" );

  user_pass = split( credential, sep:":", keep:FALSE );
  if( isnull( user_pass[0] ) || isnull( user_pass[1] ) ) {
    # nb: ';' was used pre r9566 but was changed to ':' as a separator as the
    # GSA is stripping ';' from the VT description. Keeping both in here
    # for backwards compatibility with older scan configs.
    user_pass = split( credential, sep:";", keep:FALSE );
    if( isnull( user_pass[0] ) || isnull( user_pass[1] ) )
      continue;
  }

  user = chomp( user_pass[0] );
  pass = chomp( user_pass[1] );

  user = str_replace( string:user, find:"#sem_legacy#", replace:";" );
  pass = str_replace( string:pass, find:"#sem_legacy#", replace:";" );
  user = str_replace( string:user, find:"#sem_new#", replace:":" );
  pass = str_replace( string:pass, find:"#sem_new#", replace:":" );

  if( tolower( pass ) == "none" ) pass = "";

  soc = open_sock_tcp( port );
  if( ! soc ) continue;

  answer = recv( socket:soc, length:4096 );
  if( "ogin:" >< answer ) {
    send( socket:soc, data:string( user, "\r\n" ) );
    answer = recv( socket:soc, length:4096 );
    send( socket:soc, data:string( pass, "\r\n" ) );
    answer = recv( socket:soc, length:4096 );

    if( "Manager" >< answer ) {
      security_message( port:port, data:"It was possible to login with the credentials '" + user + ":" + pass + "'." );
    }
  }
  close( soc );
}

exit( 0 );

Related

openvas 35
nessus 25
cvelist 2
cve 2
packetstorm 1
metasploit 2
openvas
openvas
Cisco Device Default Password (SSH)
2007-11-04 00:00:00
Bay Networks Accelar 1200 Switch Default Credentials (Telnet)
2005-11-03 00:00:00
AirConnect Default Password (HTTP)
2005-11-03 00:00:00
nessus
nessus
Shiva LanRover Blank Password
2002-06-05 00:00:00
3Com Superstack 3 Switch Multiple Default Accounts
2001-08-29 00:00:00
Bay Networks Accelar 1200 Switch Default Password (password) for 'usrname' Account
2005-06-03 00:00:00
cvelist
cvelist
CVE-1999-0508
2000-02-04 05:00:00
CVE-1999-0507
2000-02-04 05:00:00
cve
cve
CVE-1999-0508
2000-02-04 05:00:00
CVE-1999-0507
2000-02-04 05:00:00
packetstorm
packetstorm
SNMP Community Login Scanner
2024-08-31 00:00:00
metasploit
metasploit
SNMP Enumeration Module
2010-12-25 06:31:38
SNMP Community Login Scanner
2012-03-18 05:07:27

AI Score

9.7

Confidence

High

EPSS

0.015

Percentile

87.0%

JSON
Related for OPENVAS:136141256231018414
openvas35nessus25cvelist2cve2packetstorm1metasploit2