
nessus-plugins/scripts DDI_Enhydra_Default.nasl,NONE,1.1

 

 



renaud at nessus

Jan 22, 2003, 6:04 AM

nessus-plugins/scripts DDI_Enhydra_Default.nasl,NONE,1.1

Update of /usr/local/cvs/nessus-plugins/scripts
In directory raccoon.nessus.org:/tmp/cvs-serv86096

Added Files:
DDI_Enhydra_Default.nasl
Log Message:
added

--- NEW FILE: DDI_Enhydra_Default.nasl ---
#
# This script was written by H D Moore <hdmoore [at] digitaldefense>
#
# See the Nessus Scripts License for details

#

if(description)
{
 # Metadata branch: taken only when `description` is set. It registers the
 # plugin's identity and report text, then exits before any check code runs.
 script_id(11202);
 script_version("$Revision: 1.1 $");

 script_name(english:"Enhydra Multiserver Default Password");

 # Report text attached to the finding when the check fires.
 script_description(english:"

This system appears to be running the Enhydra application
server configured with the default administrator password
of 'enhydra'. A potential intruder could reconfigure this
service and use it to obtain full access to the system.

Solution: Please set a strong password of the 'admin' account.

Risk factor : High");

 script_summary(english:"Enhydra Multiserver Default Admin Password");

 # NOTE(review): the check code after this block submits default credentials
 # to the service; confirm ACT_GATHER_INFO is the intended category for that.
 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2003 Digital Defense Inc.");
 script_family(english:"General");

 # Service discovery runs first; 8001 is the same port the check code falls
 # back to when no "Services/www" entry exists.
 script_dependencie("find_service.nes");
 script_require_ports("Services/www", 8001);
 exit(0);
}

#
# The script code starts here

#

# Default-credential check: request the admin page with the default 'admin'
# login and flag the port if the admin console answers.
#
# Use the port stored in the knowledge base under "Services/www"; fall back to
# 8001 when nothing is stored there.
port = get_kb_item("Services/www");
if (!port) port = 8001;

if(get_port_state(port))
{
soc = open_sock_tcp(port);
if (soc)
{
# Build a GET for the admin page, then remove the terminating blank line so an
# extra header can be appended before the request is terminated again.
req = http_get(item:"/Admin.po?proceed=yes", port:port);
req = req - string("\r\n\r\n");
# The Basic credential is the base64 form of "admin:enhydra", i.e. the default
# administrator password named in the plugin description.
req = string(req, "\r\nAuthorization: Basic YWRtaW46ZW5oeWRyYQ==\r\n\r\n");
send(socket:soc, data:req);
buf = http_recv(socket:soc);
close(soc);

# The finding is raised only when the reply contains the admin console title.
# NOTE(review): the HTTP status line is not examined; if a login-failure page
# also carries this string the plugin would report a false positive - confirm
# against a host where the password has been changed.
if("Enhydra Multiserver Administration" >< buf)
{
security_hole(port);
}
# NOTE(review): the archived listing stops here; the closing braces of the two
# enclosing if-blocks are not visible on this page.
