Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> General >> Brightmail Control Center Default Account/Password


Vulnerability Assessment Details

Brightmail Control Center Default Account/Password

Vulnerability Assessment Summary
Checks for default account / password in Brightmail Control Center

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote server uses known authentication credentials.

Description :

The remote host is running Symantec's Brightmail Control Center, a
web-based administration tool for Brightmail AntiSpam.

The installation of Brightmail Control Center on the remote host still
has an account 'admin' with the default password 'symantec'. An
attacker can exploit this issue to gain access of the Control Center
and any scanners it controls.

Solution :

Log in to the Brightmail Control Center and change the password for
the 'admin' user.

Network Security Threat Level:

High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2005-2006 Tenable Network Security

Cables, Connectors

New Dell M610 PowerEdge Blade Server Redhat Version 5 2x 73GB HDD Linux 5 Unit#2
$4.95
New Dell M610 PowerEdge Blade Server Redhat Version 5 2x 73GB HDD Linux 5 Unit#2 pictureHP ProLiant DL360 G7 Rack Server Intel Xeon 12GB RAM 2x146GB 3x300GB HDD Linux
$149.99
HP ProLiant DL360 G7 Rack Server Intel Xeon 12GB RAM 2x146GB 3x300GB HDD Linux pictureRed Hat Linux Advanced Server Operating System 5-Disc NOS 2002
$39.99
Red Hat Linux Advanced Server Operating System 5-Disc NOS 2002 pictureDIGI 70002403 CONNECTPORT LTS 16 LINUX TERMINAL SERVER AC-20 AC POWER CORD
$12.95
DIGI 70002403 CONNECTPORT LTS 16 LINUX TERMINAL SERVER    AC-20 AC POWER CORD picture


Discussions

No Discussions have been posted on this vulnerability.