ID CVE-1999-0508
Summary An account on a router, firewall, or other network device has a default, null, blank, or missing password.
References
Vulnerable Configurations
CVSS
Base: 4.6 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
metasploit via4
description This module logs in to SNMP devices using common community names.
id MSF:AUXILIARY/SCANNER/SNMP/SNMP_LOGIN
last seen 2018-10-13
modified 2017-07-24
published 2011-11-11
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/snmp/snmp_login.rb
title SNMP Community Login Scanner
nessus via4
  • NASL family CGI abuses
    NASL id DDI_WHATSUP_DEFAULT.NASL
    description This WhatsUp Gold server still has the default password for the admin user account. An attacker can use this account to probe other systems on the network and obtain sensitive information about the monitored systems.
    last seen 2019-02-21
    modified 2018-06-13
    plugin id 11004
    published 2002-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11004
    title Ipswitch WhatsUp Gold Default Admin Account
  • NASL family Windows
    NASL id DDI_UNPROTECTED_PCANYWHERE.NASL
    description The pcAnywhere service does not require a password to access the desktop of this system. If this machine is running Windows 95, 98, or ME, gaining full control of the machine is trivial. If this system is running NT or 2000 and is currently logged out, an attacker can still spy on and hijack a legitimate user's session when they login.
    last seen 2019-02-21
    modified 2012-08-15
    plugin id 10798
    published 2001-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10798
    title Symantec pcAnywhere Service Unrestricted Access
  • NASL family CGI abuses
    NASL id DDI_JAVASERVER_DEFAULT.NASL
    description The remote host is running the Sun JavaServer. This server has the default username and password of admin. An attacker can use this to gain complete control over the web server configuration and possibly execute commands.
    last seen 2019-02-21
    modified 2018-06-13
    plugin id 10995
    published 2002-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10995
    title Sun JavaServer Default Admin Password
  • NASL family Misc.
    NASL id ALLIED_TELESYN_TELNET.NASL
    description The remote device appears to be an Allied Telesyn router or switch that can be accessed using default credentials. An attacker could leverage this issue to gain administrative access to the affected device. This password could also be potentially used to gain other sensitive information about the network from the device.
    last seen 2019-02-21
    modified 2015-09-24
    plugin id 18414
    published 2005-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18414
    title Allied Telesyn Router/Switch Default Password
  • NASL family Misc.
    NASL id SHIVA_DEFAULT_PASS.NASL
    description The remote Shiva router uses the default password. This means that anyone who has (downloaded) a user manual can telnet to it and reconfigure it to lock you out of it, and to prevent you to use your internet connection.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 10500
    published 2000-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10500
    title Shiva Integrator Default Password
  • NASL family CISCO
    NASL id DDI_LINKSYS_ROUTER_DEFAULT_PASSWORD.NASL
    description The remote Linksys router accepts the default password 'admin' for the web administration console. This console provides read/write access to the router's configuration. An attacker could take advantage of this to reconfigure the router and possibly re-route traffic.
    last seen 2019-02-21
    modified 2013-12-17
    plugin id 10999
    published 2002-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10999
    title Linksys Router Default Password
  • NASL family Misc.
    NASL id 3COM_SWITCHES.NASL
    description The 3Com Superstack 3 switch has the default passwords set. The attacker could use these default passwords to gain remote access to your switch and then reconfigure the switch. These passwords could also be potentially used to gain sensitive information about your network from the switch.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 10747
    published 2001-08-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10747
    title 3Com Superstack 3 Switch Multiple Default Accounts
  • NASL family Misc.
    NASL id DDI_AIRCONNECT_DEFAULT_PASSWORD.NASL
    description This AirConnect wireless access point still has the default password set for the web interface. This could be abused by an attacker to gain full control over the wireless network settings.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 10961
    published 2002-05-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10961
    title AirConnect Default Password
  • NASL family Misc.
    NASL id NORTEL_PASSPORT_DEFAULT_PASS.NASL
    description The remote switch/routers uses the default password. This means that anyone who has (downloaded) a user manual can telnet to it and gain administrative access.
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 10989
    published 2002-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10989
    title Nortel/Bay Networks Default Password
  • NASL family Web Servers
    NASL id ALLIED_TELESYN_WEB.NASL
    description The Allied Telesyn Router/Switch has the default password set. The attacker could use this default password to gain remote access to your switch or router. This password could also be potentially used to gain other sensitive information about your network from the device.
    last seen 2019-02-21
    modified 2012-08-15
    plugin id 18413
    published 2005-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18413
    title Allied Telesyn Router/Switch Web Interface Default Password
  • NASL family Misc.
    NASL id DDI_LANROVER_BLANK_PASSWORD.NASL
    description The Shiva LanRover has no password set for the root user account. An attacker is able to telnet to this system and gain access to any phone lines attached to this device. Additionally, the LanRover can be used as a relay point for further attacks via the telnet and rlogin functionality available from the administration shell.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 10998
    published 2002-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10998
    title Shiva LanRover Blank Password
  • NASL family CISCO
    NASL id CISCO_NO_PW.NASL
    description The remote host appears to be a Cisco router or switch with no password set. This can allow a remote attacker to login to the device and take control of it.
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 10754
    published 2001-09-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10754
    title Cisco Multiple Devices Unpassworded Account
  • NASL family Misc.
    NASL id DDI_MOTOROLA_VANGUARD_NO_PASS.NASL
    description This device is a Motorola Vanguard router and has no password set. An attacker can reconfigure this device without providing any authentication.
    last seen 2019-02-21
    modified 2012-08-15
    plugin id 11203
    published 2003-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11203
    title Motorola Vanguard with No Password (telnet check)
  • NASL family Web Servers
    NASL id MIKROTIK_BLANK_PASSWORD_WWW.NASL
    description The remote host is running MikroTik RouterOS without a password for its 'admin' account. Anyone can connect to it and gain administrative access to it.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 39420
    published 2009-06-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39420
    title MikroTik RouterOS with Blank Password (HTTP)
  • NASL family CGI abuses
    NASL id DDI_UNPROTECTED_SITESCOPE.NASL
    description The remote SiteScope web service has no password set. An attacker who can connect to this server can view usernames and passwords stored in the preferences section or reconfigure the service.
    last seen 2019-02-21
    modified 2018-06-13
    plugin id 10778
    published 2001-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10778
    title SiteScope Web Service Unpassworded Access
  • NASL family CISCO
    NASL id CISCO_DEFAULT_PW.NASL
    description The remote Cisco router has a default password set. A remote, unauthenticated attacker can exploit this to gain administrative access.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 23938
    published 2006-12-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23938
    title Cisco Device Default Password
  • NASL family CGI abuses
    NASL id OPENWRT_BLANK_TELNET_PASSWORD.NASL
    description The remote host is running OpenWrt, an open source Linux distribution for embedded devices, especially routers. It is currently configured without a password, which is the case by default. Anyone can connect to the device via Telnet and gain administrative access to it.
    last seen 2019-02-21
    modified 2017-03-21
    plugin id 40354
    published 2009-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40354
    title OpenWrt Router with a Blank Password (telnet check)
  • NASL family Misc.
    NASL id AVAYA_SWITCHES.NASL
    description The remote host appears to be an Avaya P330 Stackable Switch with its default password set. An attacker could use this default password to gain remote access to the affected switch. This password could also be potentially used to gain other sensitive information about the remote network from the switch.
    last seen 2019-02-21
    modified 2012-08-15
    plugin id 17638
    published 2005-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17638
    title Avaya P330 Stackable Switch Default Password
  • NASL family Misc.
    NASL id MIKROTIK_BLANK_PASSWORD.NASL
    description The remote host is running MikroTik RouterOS without a password for its 'admin' account. Anyone can connect to it and gain administrative access to it.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 30213
    published 2008-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30213
    title MikroTik RouterOS with Blank Password (telnet check)
  • NASL family Misc.
    NASL id ACCELAR_1200.NASL
    description The remote device appears to be a Bay Networks Accelar 1200 Switch that can be accessed using default credentials. An attacker could leverage this issue to gain administrative access to the affected device. This password could also be potentially used to gain other sensitive information about the network from the device.
    last seen 2019-02-21
    modified 2015-09-24
    plugin id 18415
    published 2005-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18415
    title Bay Networks Accelar 1200 Switch Default Password (password) for 'usrname' Account
  • NASL family Web Servers
    NASL id DDI_TOMCAT_DEFAULT_ACCOUNTS.NASL
    description This host appears to be the running the Apache Tomcat Servlet engine with the default accounts still configured. A potential intruder could reconfigure this service in a way that grants system access.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 11204
    published 2003-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11204
    title Apache Tomcat Default Accounts
  • NASL family Misc.
    NASL id DDI_F5_DEFAULT_SUPPORT.NASL
    description The remote F5 Networks device has the default password set for the 'support' user account. This account normally provides read/write access to the web configuration utility. An attacker could take advantage of this to reconfigure your systems and possibly gain shell access to the system with super-user privileges.
    last seen 2019-02-21
    modified 2014-01-14
    plugin id 10820
    published 2001-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10820
    title F5 Device Default Support Password
  • NASL family Web Servers
    NASL id DDI_ENHYDRA_DEFAULT.NASL
    description This system appears to be running the Enhydra application server configured with the default administrator password of 'enhydra'. A potential intruder could reconfigure this service and use it to obtain full access to the system.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 11202
    published 2003-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11202
    title Enhydra Multiserver Default Password
  • NASL family Databases
    NASL id POSTGRESQL_UNPASSWORDED.NASL
    description It is possible to connect to the remote PostgreSQL database server using an unpassworded account. This may allow an attacker to launch further attacks against the database.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 10483
    published 2000-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10483
    title PostgreSQL Default Unpassworded Account
  • NASL family Misc.
    NASL id PASSWORDLESS_CAYMAN_ROUTER.NASL
    description The remote router has no password. An intruder may connect to it and disable it easily.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 10345
    published 2000-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10345
    title Cayman DSL Router Unauthenticated Access
Last major update 09-09-2008 - 08:34
Published 01-06-1998 - 00:00
Back to Top