Vulnerabilities > CVE-1999-0508

CVSS 4.6 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
nessus
metasploit

Summary

An account on a router, firewall, or other network device has a default, null, blank, or missing password.

Metasploit

descriptionThis module logs in to SNMP devices using common community names.
idMSF:AUXILIARY/SCANNER/SNMP/SNMP_LOGIN
last seen2020-06-02
modified2019-06-27
published2011-11-20
referenceshttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0508
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/snmp/snmp_login.rb
titleSNMP Community Login Scanner

Nessus

  • NASL familyDatabases
    NASL idPOSTGRESQL_UNPASSWORDED.NASL
    descriptionIt is possible to connect to the remote PostgreSQL database server using an unpassworded account. This may allow an attacker to launch further attacks against the database.
    last seen2020-06-01
    modified2020-06-02
    plugin id10483
    published2000-07-27
    reporterThis script is Copyright (C) 2000-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/10483
    titlePostgreSQL Default Unpassworded Account
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Metadata registration. When `description` is set, the script only records
    # the attributes below and calls exit(0), so the login probe further down is
    # not reached in that mode.
    if (description)
    {
     script_id(10483);
     script_version("1.24");
     script_cvs_date("Date: 2018/08/13 14:32:36");
    
     # Catch-all CVE for accounts with a default, null, blank or missing password.
     script_cve_id("CVE-1999-0508");
    
     script_name(english:"PostgreSQL Default Unpassworded Account");
     script_summary(english:"Attempts to log into the remote PostgreSQL daemon");
    
     script_set_attribute(attribute:"synopsis", value:"The remote database server can be accessed without a password.");
     script_set_attribute(attribute:"description", value:
    "It is possible to connect to the remote PostgreSQL database server
    using an unpassworded account. This may allow an attacker to launch
    further attacks against the database.");
     # NOTE(review): the remediation text recommends the `password` method in
     # pg_hba.conf, which sends the password in clear text; on current PostgreSQL
     # releases `scram-sha-256` (ideally over TLS) is the stronger choice.
     script_set_attribute(attribute:"solution", value:
    "Log into this host and set a password for any affected accounts using
    the 'ALTER USER' command.
    
    In addition, configure the service by editing the file 'pg_hba.conf'
    to require a password (or Kerberos) authentication for all remote
    hosts that have legitimate access to this service and to require a
    password locally using the line 'local all password'.");
     # CVSS v2 vector: network reachable, low complexity, no authentication,
     # partial impact on confidentiality, integrity and availability.
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     # NOTE(review): the Metasploit name below is an SNMP scanner, not a PostgreSQL
     # module; presumably it is carried over from the shared CVE-1999-0508
     # cross-reference rather than describing this specific finding -- confirm
     # before treating it as evidence of a PostgreSQL exploit.
     script_set_attribute(attribute:"metasploit_name", value:'SNMP Community Scanner');
     script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
     script_set_attribute(attribute:"vuln_publication_date", value:"1999/07/17");
     script_set_attribute(attribute:"plugin_publication_date", value:"2000/07/27");
    
     script_set_attribute(attribute:"plugin_type", value:"remote");
     script_set_attribute(attribute:"cpe", value:"cpe:/a:postgresql:postgresql");
     script_set_attribute(attribute:"exploited_by_nessus", value:"true");
      script_set_attribute(attribute:"default_account", value:"true");
      script_end_attributes();
    
     # NOTE(review): registered as information gathering, yet the probe below
     # authenticates and runs a SELECT against pg_database; make sure that is
     # acceptable under the scan's rules of engagement.
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.");
     script_family(english:"Databases");
    
     # Declares postgresql_detect.nasl as a dependency and names the ports
     # (detected PostgreSQL service, or 5432) this plugin is tied to.
     script_dependencies("postgresql_detect.nasl");
     script_require_ports("Services/postgresql", 5432);
    
     exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
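    # Look up the PostgreSQL port (default:5432 is the fallback value passed to
    # get_service); exit_on_fail:TRUE is passed so the script stops if that fails.
    port = get_service(svc:"postgresql", default:5432, exit_on_fail:TRUE);
    
    #
    # Request the database 'template1' as the user 'postgres' or 'pgsql'
    #
    zero = raw_string(0x00);
    
    user[0] = "postgres";
    user[1] = "pgsql";
    
    # One connection attempt per candidate account; the first password-less
    # login that succeeds is reported and ends the script.
    for(i=0;i<2;i=i+1)
    {
     soc = open_sock_tcp(port);
     if (!soc) audit(AUDIT_PORT_CLOSED, port);
    
     usr = user[i];
     # Zero padding that follows the user name, so the packet always totals
     # 0x128 (296) bytes: 8 header bytes + 64 for the database name + 224.
     pad = 224 - strlen(usr);
    
     # Startup packet: 4-byte length (0x00000128), then 0x00 0x02 0x00 0x00,
     # then "template1" zero-padded to 64 bytes, then the user name and padding.
     # NOTE(review): 0x00 0x02 0x00 0x00 looks like the protocol 2.0 version
     # field. Recent PostgreSQL releases no longer accept that protocol version,
     # so a clean result from this probe does not prove that every account has
     # a password -- verify against the server version in scope.
     req = raw_string(0x00, 0x00, 0x01, 0x28,
                      0x00, 0x02, 0x00, 0x00,
                      0x74, 0x65, 0x6D, 0x70, 0x6C, 0x61, 0x74, 0x65, 0x31) +
           crap(data:zero, length:55) +
           usr +
           crap(data:zero, length:pad);
    
     send(socket:soc, data:req);
     r = recv(socket:soc, length:5);
     r2 = recv(socket:soc, length:1024);
    
     # An 'R' message followed by exactly 10 more bytes is what this check
     # treats as "logged in without being asked for a password".
     # presumably those 10 bytes are the key data and ready-for-query messages
     # of the old protocol -- TODO confirm.
     if((r[0]=="R") && (strlen(r2) == 10))
      {
        dbs = "";
        # 0x51 is 'Q': send a simple query listing the database catalog.
        req = raw_string(0x51) + "select * from pg_database;" + raw_string(0x00);
        send(socket:soc, data:req);
    
        r = recv(socket:soc, length:65535);
        #display(r);
        close(soc);
    
        # The reply comes from the remote server and is therefore untrusted:
        # every offset is checked against its length before it is used.
        # 87 is the fixed offset at which the first database name's length byte
        # is expected (magic value kept from the original check).
        skip = 87;
        len_r = strlen(r);
        ok = 1;
        while(ok)
        {
         db = "";
    
         # Stop before indexing r[skip] when skip is at or past the end of the
         # reply (the original tested this only after the read, and with '>').
         if(skip >= len_r) ok = 0;
         else
         {
          len = ord(r[skip]);
          if(len + skip > len_r) ok = 0;
          else
          {
           # The length byte counts itself as part of a 4-byte size field.
           len = len - 4;
           # Separate index so the outer per-user counter `i` is not clobbered.
           for(j=0;j<len;j=j+1)
            db = db + r[skip+j+1];
    
           dbs = dbs + ". " + db + string("\n");
           skip = skip + len + 21 + len;
          }
         }
        }
    
        report = string(
          "\n",
          "Nessus was able to log in as the user '", usr, "'.\n",
          "\n",
          "Here is the list of the databases on the remote host :\n",
          "\n",
          dbs, "\n"
        );
        security_hole(port:port, extra:report);
        # Record the finding in the knowledge base under this port.
        set_kb_item(name: 'postgresql/no_pass/'+port, value: TRUE);
        exit(0);
      }
      close(soc);
    }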
    
  • NASL familyMisc.
    NASL idDDI_LANROVER_BLANK_PASSWORD.NASL
    descriptionThe Shiva LanRover has no password set for the root user account. An attacker is able to telnet to this system and gain access to any phone lines attached to this device. Additionally, the LanRover can be used as a relay point for further attacks via the telnet and rlogin functionality available from the administration shell.
    last seen2020-06-01
    modified2020-06-02
    plugin id10998
    published2002-06-05
    reporterThis script is Copyright (C) 2002-2018 Digital Defense Incorporated
    sourcehttps://www.tenable.com/plugins/nessus/10998
    titleShiva LanRover Blank Password
    code
    #
    # This script was written by H D Moore <[email protected]>
    #
    # See the Nessus Scripts License for details
    #
    
    include("compat.inc");
    
    # Metadata registration. When `description` is set, the script only records
    # the attributes below and calls exit(0), so the telnet probe further down
    # is not reached in that mode.
    if(description)
    {
     script_id(10998);
     script_version ("1.11");
     script_cvs_date("Date: 2018/08/09 17:06:37");
    
     # Catch-all CVE for accounts with a default, null, blank or missing password.
     script_cve_id("CVE-1999-0508");
     
     script_name(english:"Shiva LanRover Blank Password");
     script_summary(english:"Checks for a blank password for the root account");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote network device does not use an administrative password.");
     script_set_attribute(attribute:"description", value:
    "The Shiva LanRover has no password set for the root user account.  An
    attacker is able to telnet to this system and gain access to any phone
    lines attached to this device.  
    
    Additionally, the LanRover can be used as a relay point for further
    attacks via the telnet and rlogin functionality available from the
    administration shell.");
     # NOTE(review): the remediation is itself carried out over telnet, which
     # is unencrypted; set the new password from a trusted management segment
     # and restrict which hosts can reach the administration port.
     script_set_attribute(attribute:"solution", value:
    "Telnet to this device and change the password for the root account via
    the passwd command.  Please ensure any other accounts have strong
    passwords set.");
      # CVSS v2 vector: network reachable, low complexity, no authentication,
      # complete impact on confidentiality, integrity and availability.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      # NOTE(review): the Metasploit name below is an SNMP scanner, while this
      # plugin checks a telnet login; presumably the value is carried over from
      # the shared CVE-1999-0508 cross-reference -- confirm before relying on it.
      script_set_attribute(attribute:"metasploit_name", value:'SNMP Community Scanner');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
     script_set_attribute(attribute:"plugin_publication_date", value:
    "2002/06/05");
     script_set_attribute(attribute:"plugin_type", value:"remote");
     script_end_attributes();
     
     # NOTE(review): registered as information gathering, yet the probe below
     # submits a login for the root account; make sure that is acceptable under
     # the scan's rules of engagement.
     script_category(ACT_GATHER_INFO);
     
     script_copyright(english:"This script is Copyright (C) 2002-2018 Digital Defense Incorporated");
    
     script_family(english:"Misc.");
     # Singular spelling here, whereas the PostgreSQL listing on this page calls
     # script_dependencies(); presumably a legacy alias -- confirm.
     script_dependencie("find_service1.nasl");
     script_require_ports("Services/telnet", 23);
     exit(0);
    }
    
    include('telnet_func.inc');
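    # NOTE(review): the port is fixed at 23 although script_require_ports also
    # lists "Services/telnet"; a LanRover answering telnet on another port is
    # not probed by this check.
    port = 23;
    if(!get_port_state(port))exit(0);
    
    # Only continue when the telnet banner shows the LanRover "@ Userid:" prompt.
    # The original tested `r`, which is not assigned until after the socket is
    # opened further down, instead of `banner`; the not-contains test against an
    # unset variable would make the script exit here on every target, i.e. a
    # permanent false negative.
    banner = get_telnet_banner(port:port);
    if ( ! banner || "@ Userid:" >!< banner ) exit(0);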
    
    # Blank-password check for the LanRover root account: answer the
    # "@ Userid:" prompt with "root", answer "Password?" with an empty line,
    # and report the device if the reply then contains "Shiva LanRover".
    soc = open_sock_tcp(port);
    if (!soc) exit(0);
    
    # Complete telnet option negotiation and read the first prompt.
    prompt = telnet_negotiate(socket:soc);
    if ("@ Userid:" >!< prompt)
    {
        close(soc);
        exit(0);
    }
    
    send(socket:soc, data:string("root\r\n"));
    reply = recv(socket:soc, length:4096);
    if ("Password?" >!< reply)
    {
        close(soc);
        exit(0);
    }
    
    # Empty password: just a line terminator.
    send(socket:soc, data:string("\r\n"));
    reply = recv(socket:soc, length:4096);
    
    # The product string after an empty password is treated as a successful login.
    if ("Shiva LanRover" >< reply) security_hole(port:port);
    
    close(soc);
    
  • NASL familyWeb Servers
    NASL idMIKROTIK_BLANK_PASSWORD_WWW.NASL
    descriptionThe remote host is running MikroTik RouterOS without a password for its
    last seen2020-06-01
    modified2020-06-02
    plugin id39420
    published2009-06-17
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39420
    titleMikroTik RouterOS with Blank Password (HTTP)
  • NASL familyCISCO
    NASL idCISCO_DEFAULT_PW.NASL
    descriptionThe remote Cisco router has a default password set. A remote, unauthenticated attacker can exploit this to gain administrative access.
    last seen2020-04-30
    modified2006-12-23
    plugin id23938
    published2006-12-23
    reporterThis script is Copyright (C) 2006-2020 Javier Fernandez-Sanguino and Renaud Deraison
    sourcehttps://www.tenable.com/plugins/nessus/23938
    titleCisco Device Default Password
  • NASL familyCGI abuses
    NASL idDDI_UNPROTECTED_SITESCOPE.NASL
    descriptionThe remote SiteScope web service has no password set. An attacker who can connect to this server can view usernames and passwords stored in the preferences section or reconfigure the service.
    last seen2020-06-01
    modified2020-06-02
    plugin id10778
    published2001-09-28
    reporterThis script is Copyright (C) 2001-2018 Digital Defense Inc.
    sourcehttps://www.tenable.com/plugins/nessus/10778
    titleSiteScope Web Service Unpassworded Access
  • NASL familyMisc.
    NASL idPASSWORDLESS_CAYMAN_ROUTER.NASL
    descriptionThe remote router has no password. An intruder may connect to it and disable it easily.
    last seen2020-06-01
    modified2020-06-02
    plugin id10345
    published2000-03-12
    reporterThis script is Copyright (C) 2000-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/10345
    titleCayman DSL Router Unauthenticated Access
  • NASL familyWeb Servers
    NASL idDDI_ENHYDRA_DEFAULT.NASL
    descriptionThis system appears to be running the Enhydra application server configured with the default administrator password of
    last seen2020-06-01
    modified2020-06-02
    plugin id11202
    published2003-01-22
    reporterThis script is Copyright (C) 2003-2018 Digital Defense Inc.
    sourcehttps://www.tenable.com/plugins/nessus/11202
    titleEnhydra Multiserver Default Password
  • NASL familyWeb Servers
    NASL idALLIED_TELESYN_WEB.NASL
    descriptionThe Allied Telesyn Router/Switch has the default password set. The attacker could use this default password to gain remote access to your switch or router. This password could also be potentially used to gain other sensitive information about your network from the device.
    last seen2020-06-01
    modified2020-06-02
    plugin id18413
    published2005-06-03
    reporterThis script is Copyright (C) 2005-2012 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18413
    titleAllied Telesyn Router/Switch Web Interface Default Password
  • NASL familyCISCO
    NASL idDDI_LINKSYS_ROUTER_DEFAULT_PASSWORD.NASL
    descriptionThe remote Linksys router accepts the default password
    last seen2020-06-01
    modified2020-06-02
    plugin id10999
    published2002-06-05
    reporterThis script is Copyright (C) 2002-2013 Digital Defense Inc.
    sourcehttps://www.tenable.com/plugins/nessus/10999
    titleLinksys Router Default Password
  • NASL familyCISCO
    NASL idCISCO_NO_PW.NASL
    descriptionThe remote host appears to be a Cisco router or switch with no password set. This can allow a remote attacker to login to the device and take control of it.
    last seen2020-06-01
    modified2020-06-02
    plugin id10754
    published2001-09-07
    reporterThis script is Copyright (C) 2001-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/10754
    titleCisco Multiple Devices Unpassworded Account
  • NASL familyMisc.
    NASL idDDI_MOTOROLA_VANGUARD_NO_PASS.NASL
    descriptionThis device is a Motorola Vanguard router and has no password set. An attacker can reconfigure this device without providing any authentication.
    last seen2020-06-01
    modified2020-06-02
    plugin id11203
    published2003-01-22
    reporterThis script is Copyright (C) 2003-2012 Digital Defense
    sourcehttps://www.tenable.com/plugins/nessus/11203
    titleMotorola Vanguard with No Password (telnet check)
  • NASL familyCGI abuses
    NASL idDDI_JAVASERVER_DEFAULT.NASL
    descriptionThe remote host is running the Sun JavaServer. This server has the default username and password of admin. An attacker can use this to gain complete control over the web server configuration and possibly execute commands.
    last seen2020-06-01
    modified2020-06-02
    plugin id10995
    published2002-06-05
    reporterThis script is Copyright (C) 2002-2018 Digital Defense Inc.
    sourcehttps://www.tenable.com/plugins/nessus/10995
    titleSun JavaServer Default Admin Password
  • NASL familyWindows
    NASL idDDI_UNPROTECTED_PCANYWHERE.NASL
    descriptionThe pcAnywhere service does not require a password to access the desktop of this system. If this machine is running Windows 95, 98, or ME, gaining full control of the machine is trivial. If this system is running NT or 2000 and is currently logged out, an attacker can still spy on and hijack a legitimate user
    last seen2020-06-01
    modified2020-06-02
    plugin id10798
    published2001-11-07
    reporterThis script is Copyright (C) 2002-2012 Digital Defense Incorporated
    sourcehttps://www.tenable.com/plugins/nessus/10798
    titleSymantec pcAnywhere Service Unrestricted Access
  • NASL familyMisc.
    NASL idSHIVA_DEFAULT_PASS.NASL
    descriptionThe remote Shiva router uses the default password. This means that anyone who has (downloaded) a user manual can telnet to it, reconfigure it to lock you out, and prevent you from using your internet connection.
    last seen2020-06-01
    modified2020-06-02
    plugin id10500
    published2000-08-31
    reporterThis script is Copyright (C) 2000-2018 Stefaan Van Dooren
    sourcehttps://www.tenable.com/plugins/nessus/10500
    titleShiva Integrator Default Password
  • NASL familyMisc.
    NASL idACCELAR_1200.NASL
    descriptionThe remote device appears to be a Bay Networks Accelar 1200 Switch that can be accessed using default credentials. An attacker could leverage this issue to gain administrative access to the affected device. This password could also be potentially used to gain other sensitive information about the network from the device.
    last seen2020-06-01
    modified2020-06-02
    plugin id18415
    published2005-06-03
    reporterThis script is Copyright (C) 2005-2015 Charles Thier
    sourcehttps://www.tenable.com/plugins/nessus/18415
    titleBay Networks Accelar 1200 Switch Default Password (password) for 'usrname' Account
  • NASL familyMisc.
    NASL idALLIED_TELESYN_TELNET.NASL
    descriptionThe remote device appears to be an Allied Telesyn router or switch that can be accessed using default credentials. An attacker could leverage this issue to gain administrative access to the affected device. This password could also be potentially used to gain other sensitive information about the network from the device.
    last seen2020-06-01
    modified2020-06-02
    plugin id18414
    published2005-06-03
    reporterThis script is Copyright (C) 2005-2015 Charles Thier
    sourcehttps://www.tenable.com/plugins/nessus/18414
    titleAllied Telesyn Router/Switch Default Password
  • NASL familyCGI abuses
    NASL idOPENWRT_BLANK_TELNET_PASSWORD.NASL
    descriptionThe remote host is running OpenWrt, an open source Linux distribution for embedded devices, especially routers. It is currently configured without a password, which is the case by default. Anyone can connect to the device via Telnet and gain administrative access to it.
    last seen2020-06-01
    modified2020-06-02
    plugin id40354
    published2009-07-23
    reporterThis script is Copyright (C) 2009-2017 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40354
    titleOpenWrt Router with a Blank Password (telnet check)
  • NASL familyCGI abuses
    NASL idDDI_WHATSUP_DEFAULT.NASL
    descriptionThis WhatsUp Gold server still has the default password for the admin user account. An attacker can use this account to probe other systems on the network and obtain sensitive information about the monitored systems.
    last seen2020-06-01
    modified2020-06-02
    plugin id11004
    published2002-06-05
    reporterThis script is Copyright (C) 2002-2018 Digital Defense Inc.
    sourcehttps://www.tenable.com/plugins/nessus/11004
    titleIpswitch WhatsUp Gold Default Admin Account
  • NASL familyWeb Servers
    NASL idDDI_TOMCAT_DEFAULT_ACCOUNTS.NASL
    descriptionThis host appears to be running the Apache Tomcat Servlet engine with the default accounts still configured. A potential intruder could reconfigure this service in a way that grants system access.
    last seen2020-03-26
    modified2003-01-22
    plugin id11204
    published2003-01-22
    reporterThis script is Copyright (C) 2003-2020 Digital Defense Inc.
    sourcehttps://www.tenable.com/plugins/nessus/11204
    titleApache Tomcat Default Accounts
  • NASL familyMisc.
    NASL idAVAYA_SWITCHES.NASL
    descriptionThe remote host appears to be an Avaya P330 Stackable Switch with its default password set. An attacker could use this default password to gain remote access to the affected switch. This password could also be potentially used to gain other sensitive information about the remote network from the switch.
    last seen2020-06-01
    modified2020-06-02
    plugin id17638
    published2005-03-28
    reporterThis script is Copyright (C) 2005-2012 Charles Thier
    sourcehttps://www.tenable.com/plugins/nessus/17638
    titleAvaya P330 Stackable Switch Default Password
  • NASL familyMisc.
    NASL id3COM_SWITCHES.NASL
    descriptionThe 3Com Superstack 3 switch has the default passwords set. The attacker could use these default passwords to gain remote access to your switch and then reconfigure the switch. These passwords could also be potentially used to gain sensitive information about your network from the switch.
    last seen2020-06-01
    modified2020-06-02
    plugin id10747
    published2001-08-29
    reporterThis script is Copyright (C) 2001-2018 Patrik Karlsson
    sourcehttps://www.tenable.com/plugins/nessus/10747
    title3Com Superstack 3 Switch Multiple Default Accounts
  • NASL familyMisc.
    NASL idMIKROTIK_BLANK_PASSWORD.NASL
    descriptionThe remote host is running MikroTik RouterOS without a password for its
    last seen2020-06-01
    modified2020-06-02
    plugin id30213
    published2008-02-11
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/30213
    titleMikroTik RouterOS with Blank Password (telnet check)
  • NASL familyMisc.
    NASL idNORTEL_PASSPORT_DEFAULT_PASS.NASL
    descriptionThe remote switch/router uses the default password. This means that anyone who has (downloaded) a user manual can telnet to it and gain administrative access.
    last seen2020-06-01
    modified2020-06-02
    plugin id10989
    published2002-06-05
    reporterThis script is Copyright (C) 2002-2018 Rui Bernardino
    sourcehttps://www.tenable.com/plugins/nessus/10989
    titleNortel/Bay Networks Default Password
  • NASL familyMisc.
    NASL idDDI_AIRCONNECT_DEFAULT_PASSWORD.NASL
    descriptionThis AirConnect wireless access point still has the default password set for the web interface. This could be abused by an attacker to gain full control over the wireless network settings.
    last seen2020-06-01
    modified2020-06-02
    plugin id10961
    published2002-05-22
    reporterThis script is Copyright (C) 2002-2018 Digital Defense Inc.
    sourcehttps://www.tenable.com/plugins/nessus/10961
    titleAirConnect Default Password
  • NASL familyMisc.
    NASL idDDI_F5_DEFAULT_SUPPORT.NASL
    descriptionThe remote F5 Networks device has the default password set for the
    last seen2020-06-01
    modified2020-06-02
    plugin id10820
    published2001-12-06
    reporterThis script is Copyright (C) 2001-2014 Digital Defense Inc.
    sourcehttps://www.tenable.com/plugins/nessus/10820
    titleF5 Device Default Support Password