
Security Metrics Scan

Discussion in 'Security' started by mickalo, Nov 14, 2008.

  1. mickalo

    mickalo Well-Known Member

    Joined:
    Apr 16, 2002
    Messages:
    765
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    N.W. Iowa
    Hello,

    We have a customer who uses this Security Metrics to process secure ordering. They ran a scan the other day on our server and had one issue which I'm not real sure what can be done or how to correct it. This is the issue they sent us:
    Code:
    Synopsis : It is possible to log on the remote device with a default password.
    Description : The remote Linksys device has its default password (no username / 'admin') set. An attacker may connect to it and reconfigure it using this account.
    Solution: Connect to this port with a web browser, and click on the 'Password' section to set a strong password.
    Risk Factor: High / CVSS Base Score : 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Other references : OSVDB:
    
    This is in reference to TCP ports 2082 and 2095. Is there a way to correct this issue that won't cause problems?

    Thx's
     
  2. nickp666

    nickp666 Well-Known Member

    Joined:
    Jan 28, 2005
    Messages:
    770
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    /dev/null
    It looks distinctly like a false positive, unless you have an account 'admin' with no password set on it on your server.
     
  3. mickalo

    mickalo Well-Known Member

    Thanks for the info. There is an account "admin" set up, but that's been there since the server was set up over 4 yrs ago and has a password assigned to it. So not sure what the problem is.

    Mike
     
  4. jpetersen

    jpetersen Well-Known Member

    Joined:
    Dec 31, 2006
    Messages:
    113
    Likes Received:
    4
    Trophy Points:
    18
    Their scanner thinks that it can log into 2082 and 2095 with no username set, and a password of: admin

    It's highly unlikely that's accurate as nickp666 said, but I'd try it anyway, and when it doesn't actually work, I'd tell the SecurityMetrics people what nick said, that it's a false positive.

    I wonder if the SecurityMetrics people are allowed to verify the scan results manually. If they are adamant that the results are accurate, tell them you give them permission to try to manually verify the results.

    If you wouldn't mind, I'd be interested in knowing the outcome of this (e.g., how SecurityMetrics handled it, if they were able to manually attempt to verify the results, etc).
     
  5. mickalo

    mickalo Well-Known Member

    Well, I think the false positive result is exactly the issue. We've gone through and manually tried logging in on those ports and it always failed. The "admin" account does not have SSH/shell access either.

    We've submitted our finding to those Security Metrics people and are awaiting their response.

    thx's for assistance.

    Mike
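
The manual check described in the thread can be recorded per port so the result can be attached to a dispute with the scan vendor. This is an added example, not code from any poster or from cPanel; the function names are hypothetical, and it assumes the services on 2082 and 2095 answer plain HTTP with Basic authentication, which the thread does not confirm.

```python
import base64
import http.client
import sys

# Values taken from the scan report quoted in the thread.
PORTS = (2082, 2095)
CLAIMED_USER, CLAIMED_PASSWORD = "", "admin"


def probe(host, port, timeout=5.0):
    """Send one GET / carrying the claimed credentials; return (status, challenge)."""
    pair = f"{CLAIMED_USER}:{CLAIMED_PASSWORD}".encode()
    headers = {"Authorization": "Basic " + base64.b64encode(pair).decode()}
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/", headers=headers)
        resp = conn.getresponse()
        resp.read()  # drain the body so the connection closes cleanly
        return resp.status, resp.getheader("WWW-Authenticate") or ""
    finally:
        conn.close()


def verdict(status):
    """Map the HTTP status to what it says about the scanner's claim."""
    if status in (401, 403):
        return "rejected"      # server refused the pair: supports a false positive
    if 300 <= status < 400:
        return "redirect"      # follow it by hand before drawing a conclusion
    if 200 <= status < 300:
        return "needs-review"  # a 2xx can be a login form rather than a session
    return "inconclusive"


def evidence(host, ports=PORTS):
    """Collect one result row per port: (port, status, verdict, detail)."""
    rows = []
    for port in ports:
        try:
            status, challenge = probe(host, port)
            rows.append((port, status, verdict(status), challenge))
        except (OSError, http.client.HTTPException) as exc:  # closed port, timeout, non-HTTP reply
            rows.append((port, None, "unreachable", str(exc)))
    return rows


if __name__ == "__main__" and len(sys.argv) == 2:
    for row in evidence(sys.argv[1]):
        print(*row, sep="\t")
```

Run it against your own server's hostname; a "needs-review" row means the response body still has to be inspected by hand before calling the finding false.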
     