Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Nessus>
  3. users
feature request: detecting default passwords on Dell Remote Access Consoles (DRAC)
Jason.Haar at trimble
Nov 17, 2008, 8:40 PM
Post #1 of 2 (2944 views)
Permalink
Hi there

I just came across a couple of servers on our network where the
SysAdmins hadn't changed the default password. It occurred to me that
relying on humans to do the right thing all the time is a bit of an ask
- that's where Nessus kicks in!

So how about a plugin that detects DRAC Web interfaces, and attempts to
login using the default username/password pair, and declares a Security
Hole if it finds it? BTW, I know we have DRAC4 and DRAC5 cards on our
networks, and they have different Web server apps on them - so it would
need to cover those, and I'd guess that means there's a DRAC3 and even
older - although I haven't seen such things myself.

Thanks!

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
Re: feature request: detecting default passwords on Dell Remote Access Consoles (DRAC) [ In reply to ]
raleel at gmail
Nov 18, 2008, 5:47 AM
Post #2 of 2 (2832 views)
Permalink
well, some of those are regular web pages, so the regular web login stuff
should work. You can also try telnet, as that also works on some models. The
later ones (at least up to the point where I stopped looking) had a java
app, and I don't think it worked with the web login or the telnet login.
However, yes, this is a problem that has been seen before. IIRC, I didn't
have enough to warrant a full blown plugin on those that were java based,
and I wasn't sure how to proceed. Those that worked with the default
username and password were pretty easy to find.

IIRC, I scanned and pulled out all the webserver that matched correctly then
tried them by hand.

On Mon, Nov 17, 2008 at 8:40 PM, Jason Haar <Jason.Haar@trimble.co.nz>wrote:

> Hi there
>
> I just came across a couple of servers on our network where the
> SysAdmins hadn't changed the default password. It occurred to me that
> relying on humans to do the right thing all the time is a bit of an ask
> - that's where Nessus kicks in!
>
> So how about a plugin that detects DRAC Web interfaces, and attempts to
> login using the default username/password pair, and declares a Security
> Hole if it finds it? BTW, I know we have DRAC4 and DRAC5 cards on our
> networks, and they have different Web server apps on them - so it would
> need to cover those, and I'd guess that means there's a DRAC3 and even
> older - although I haven't seen such things myself.
>
> Thanks!
>
> --
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +64 3 9635 377 Fax: +64 3 9635 417
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>
> _______________________________________________
> Nessus mailing list
> Nessus@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/nessus
>



--
Doug Nordwall
Unix, Network, and Security Administrator
You mean the vision is subject to low subscription rates?!!? - Scott Stone,
on MMORPGs

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal