| VID |
22154 |
| Severity |
40 |
| Port |
8888 |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Netscape Enterprise Server has the default administrative account with "admin/admin".
Netscape(the current name : iPlanet) Enterprise Server is an web(http) server product offered by the Sun-Netscape Alliance. This server uses the Administrative web interface that runs on the specified port(8888/TCP), is configured in initial installing. The server has the default account with username and password of "admin", can be used for a remote attacker to access the Administrative web interface. The account management is important in preventing unauthorized access to the server. If this default administrative account still exists on the server, a remote attacker can re-configure the web server, cause a denial of service condition, or gain access to the server. |
| Recommendation |
Change the default passwords a difficult to guess password.
1. Access Enterprise Administration Server by typing the following URL : "http://hostname.domain_name:administration_port" in your web browser.
2. Click the "Preferences" tab and click the Superuser Access Control Link.
3. Specifies the user name of the "admin" server administrator in the Authentication User Name field.
4. Specifies the new password in the Authentication Password and Authentication Password(again) field.
5. Click [OK].
You can gain the more information of Netscape Enterprise server from Sun's web site:
http://docs.sun.com/db/prod/s1.nsents?l=en#hic |
| Related URL |
CVE-1999-0508 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
