Plugin 10778: Unprotected SiteScope Service
I have plugin 10778 reporting positive when testing a Snap Server (based
on Guardian OS by Adaptec). The plug-in reports "The SiteScope web
service has no password set". I think this may be a false positive...
The plugin script applies this test:
ports = add_port_in_list(list:get_kb_list("Services/www"), port:8888);
foreach port (ports)
{
req =
http_get(item:"/SiteScope/cgi/go.exe/SiteScope?page=eventLog&machine=&lo
gName=System&account=administrator", port:port);
reply = sendrequest(request:req, port:port);
if ("Event Log" >< reply)
{
security_hole(port:port);
}
}
The output from the Snap Server is a Web page saying "Error 404 Not
Found", however it does contains the string:
jsInitSubMenuText(4,4,"Event Log");
--
Carl Nelson
Distributed Systems Support Section, Computer Centre, University of
Leicester, Leicester, LE1 7RH, U.K.
Tel: +44 (0)116 252 2060, Fax: +44 (0)116 252 5027
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
