Hi there

I just came across a couple of servers on our network where the
SysAdmins hadn't changed the default password. It occurred to me that
relying on humans to do the right thing all the time is a bit of an ask
- that's where Nessus kicks in!

So how about a plugin that detects DRAC Web interfaces, and attempts to
log in using the default username/password pair, and declares a Security
Hole if it finds it? BTW, I know we have DRAC4 and DRAC5 cards on our
networks, and they have different Web server apps on them - so it would
need to cover those, and I'd guess that means there's a DRAC3 and even
older - although I haven't seen such things myself.

Thanks!
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus