[Openvas-discuss] False Positive - NVT: HTTP Brute Force Logins with default Credentials

Reindl Harald h.reindl at thelounge.net
Fri Jan 6 19:33:41 CET 2012


Thanks for the NVT update today, so now I know what triggers
the false positive, one step closer.....

* the page shows navigation + HTML login form
* HTTP status = 401 Unauthorized
* below a test to bypass with HTTP auth and MAIL:MAIL
* so I see no error on my side, previously thought wrong status code, but not

The question now is how this can be debugged to get "severity high" away.
___________________________________________

[harry at srv-rhsoft:~/Desktop]$ php test.php
failed to open stream: HTTP request failed! HTTP/1.0 401 Unauthorized
in /home/harry/Desktop/test.php on line 2
___________________________________________

NVT: HTTP Brute Force Logins with default Credentials (OID: 1.3.6.1.4.1.25623.1.0.103240)
It was possible to login into the remote Web Application using default credentials.


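An added example (not from the post, the OpenVAS NVT, or the author's test.php) of the check a practitioner would want when debugging a result like this: count a credential as working only when the reply stops being a 401 and stops looking like the login page, and flag a run in which every pair of the wordlist "succeeds" as a false-positive signature rather than a finding. The Response class and the sample replies are constructed stand-ins for real HTTP responses.

```python
import re
from dataclasses import dataclass


@dataclass
class Response:
    """Minimal stand-in for an HTTP reply (constructed for this example)."""
    status: int
    body: str


# A body that still carries a password form is a login page, not a logged-in page.
LOGIN_FORM = re.compile(r'<form[^>]*>.*?type=["\']?password', re.I | re.S)


def login_succeeded(baseline: Response, attempt: Response) -> bool:
    """Count a credential as working only when all three hold:
    the status is not 401/403, the body no longer shows a password form,
    and the body differs from the unauthenticated baseline reply."""
    if attempt.status in (401, 403):
        return False
    if LOGIN_FORM.search(attempt.body):
        return False
    return attempt.body != baseline.body


def evaluate_wordlist(baseline: Response, attempts: dict) -> tuple:
    """attempts maps (user, password) -> Response.  Returns the credentials
    judged to work plus a flag that is set when *every* pair 'worked':
    a wordlist with a 100% hit rate is a false-positive signature."""
    hits = [cred for cred, reply in attempts.items() if login_succeeded(baseline, reply)]
    all_hit = len(attempts) > 1 and len(hits) == len(attempts)
    return hits, all_hit


# Constructed replies modelling the post: 401 plus navigation and a login form,
# returned unchanged whatever Basic-auth credentials are sent.
BASELINE = Response(401, '<html><ul><li>Home</li></ul><form method="post">'
                         '<input name="u"><input type="password" name="p"></form></html>')
SAMPLE_ATTEMPTS = {
    ("MAIL", "MAIL"): BASELINE,
    ("admin", "admin"): BASELINE,
    ("admin", "changeme"): BASELINE,
}
GENUINE = Response(200, "<html><h1>Welcome, admin</h1></html>")  # what a real hit looks like

if __name__ == "__main__":
    hits, all_hit = evaluate_wordlist(BASELINE, SAMPLE_ATTEMPTS)
    print("hits:", hits, "every credential succeeded:", all_hit)
    print("genuine login recognised:", login_succeeded(BASELINE, GENUINE))
```

Run against the post's situation the three sample pairs produce no hits, because a 401 with the same login page is not a login; a check that keys only on the body containing page content would report all of them.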
