Hi there,

I just came across a couple of servers on our network where the SysAdmins hadn't changed the default password. It occurred to me that relying on humans to do the right thing all the time is a bit of an ask - that's where Nessus kicks in!

So how about a plugin that detects DRAC Web interfaces, attempts to log in using the default username/password pair, and declares a Security Hole if it finds it?

BTW, I know we have DRAC4 and DRAC5 cards on our networks, and they have different Web server apps on them - so it would need to cover those, and I'd guess that means there's a DRAC3 and even older - although I haven't seen such things myself.

Thanks!

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
