  1. #1
    Member mickalo's Avatar
    Join Date
    Apr 2002
    Location
    N.W. Iowa
    Posts
    753

    Security Metrics Scan

    Hello,

    We have a customer who uses this Security Metrics to process secure ordering. They ran a scan the other day on our server and had one issue, and I'm not really sure what can be done or how to correct it. This is the issue they sent us:
    Code:
    Synopsis : It is possible to log on the remote device with a default password.
    Description : The remote Linksys device has its default password (no username / 'admin') set. An attacker may connect to it and reconfigure it using this account.
    Solution: Connect to this port with a web browser, and click on the 'Password' section to set a strong password.
    Risk Factor: High / CVSS Base Score : 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Other references : OSVDB:
    This is in reference to TCP ports 2082 and 2095. Is there a way to correct this issue that won't cause problems?

    Thx's

    Thunder Rain Internet Publishing

    Providing Internet Solutions that work!
    Custom Perl and Database Programming

  2. #2
    Member
    Join Date
    Jan 2005
    Location
    /dev/null
    Posts
    770


    It looks distinctly like a false positive, unless you have an account 'admin' with no password set on it on your server.

  3. #3
    Member mickalo's Avatar
    Join Date
    Apr 2002
    Location
    N.W. Iowa
    Posts
    753


    Thanks for the info. There is an account "admin" set up, but that's been there since the server was set up over 4 yrs ago and has a password assigned to it. So not sure what the problem is.

    Mike


  4. #4
    Member
    Join Date
    Dec 2006
    Posts
    113


    Their scanner thinks that it can log into 2082 and 2095 with no username set, and a password of: admin

    It's highly unlikely that's accurate as nickp666 said, but I'd try it anyway, and when it doesn't actually work, I'd tell the SecurityMetrics people what nick said, that it's a false positive.

    I wonder if the SecurityMetrics people are allowed to verify the scan results manually. If they are adamant that the results are accurate, tell them you give them permission to try to manually verify the results.

    If you wouldn't mind, I'd be interested in knowing the outcome of this (e.g., how SecurityMetrics handled it, if they were able to manually attempt to verify the results, etc).

  5. #5
    Member mickalo's Avatar
    Join Date
    Apr 2002
    Location
    N.W. Iowa
    Posts
    753


    Well, I think the false positive result is exactly the issue. We've gone through and manually tried logging in on those ports and it always failed. The "admin" account does not have SSH/shell access either.

    We've submitted our finding to those Security Metrics people and are awaiting their response.

    thx's for assistance.

    Mike

