Family: CGI abuses --> Category: attack
Geronimo Console Default Credentials Vulnerability Scan
Vulnerability Scan Summary: Checks for default credentials in the Geronimo console
Detailed Explanation for this Vulnerability Test
Synopsis :
The administration console for the remote web server is protected with
default credentials.
Description :
The remote host appears to be running Geronimo, an open-source J2EE
server from the Apache Software Foundation.
The installation of Geronimo on the remote host uses the default
username and password to control access to its administrative console.
Knowing these, an attacker can gain control of the affected
application.
Solution :
Change the credentials in 'var/security/users.properties', or set
non-default credentials when deploying Geronimo.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)