1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
#
# This script was written by Renaud Deraison <deraison@cvs.nessus.org>
#
# See the Nessus Scripts License for details
#
if(description)
{
script_id(10468);
name["english"] = "Netscape Administration Server admin password";
name["francais"] = "Netscape Administration Server admin password";
script_name(english:name["english"], francais:name["francais"]);
desc["english"] = "
The file /admin-serv/config/admpw is readable.
This file contains the encrypted password for the Netscape
administration server. Although it is encrypted, an attacker
may attempt to crack it by brute force.
Solution : Remove read access permissions for this file and/or stop
the netscape admininistration server.
Risk factor : Medium";
desc["francais"] = "
Le fichier /admin-serv/config/admpw est lisible par tous.
Ce fichier contient le mot de passe crypt du serveur
d'administration Netscape.
Bien qu'il soit crypt, ce mot de passe est la merci
d'un pirate qui peut le retrouver par force brute.
Solution : mettez des protections de lecture sur ce fichier et/ou
stoppez le serveur d'administration netscape
Facteur de risque : Moyen";
script_description(english:desc["english"], francais:desc["francais"]);
summary["english"] = "Reads admpw";
summary["francais"] = "Lit admpw";
script_summary(english:summary["english"], francais:summary["francais"]);
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2000 Renaud Deraison",
francais:"Ce script est Copyright (C) 2000 Renaud Deraison");
family["english"] = "CGI abuses";
family["francais"] = "Abus de CGI";
script_family(english:family["english"], francais:family["francais"]);
script_dependencie("find_service.nes");
script_require_ports("Services/www", 80);
exit(0);
}
#
# The script code starts here
#
port = is_cgi_installed("/admin-serv/config/admpw");
if(port)security_hole(port);
|
