A while back [1] I wrote a Cisco default password test plugin.
Attached is a new (untested) version of it, which tests SSH as well
as Telnet access and checks the banner for the Cisco device.

Unfortunately, I don't have access to any Cisco stuff right now. If
people can test and provide feedback (or patches) I would really
appreciate it.

I've submitted this as Bug #1328 in Nessus' bugzilla. I was quite
surprised at the time that Nessus is not able to find this common
misconfiguration. Maybe I've missed something.

There is lots of room for enhancement. For example, it could store the
CISCO IOS release in the KB so that other plugins (in the Registered
feed) could use the functions in cisco_func.inc to determine if the
system is vulnerable as is currently done through SNMP (all the
CSCXXXX.nasl stuff).

Or, it could store the user/password combination in the KB and have
another plugin test for common combinations that lead to 'enable' mode.

Notice that this plugin overlaps with #10754 (since there is a test for
empty passwords here too).

Regards

Javier

[1] http://mail.nessus.org/pipermail/nessus/2005-August/msg00034.html