From 6b7215c4b373b1723e821fe0a14291da5a5846f2 Mon Sep 17 00:00:00 2001
From: MostInterestingBotInTheWorld <98333686+MostInterestingBotInTheWorld@users.noreply.github.com>
Date: Fri, 11 Mar 2022 10:27:47 -0500
Subject: [PATCH] Dashboard Text Enhancements (#3886) Text Enhancements
---
cves/2010/CVE-2010-1715.yaml | 6 +-
.../google/google-earth-dlogin.yaml | 7 +-
.../gophish/gophish-default-login.yaml | 7 +-
.../grafana/grafana-default-login.yaml | 8 ++
.../guacamole/guacamole-default-login.yaml | 12 ++-
.../hongdian/hongdian-default-login.yaml | 10 ++
.../hortonworks/smartsense-default-login.yaml | 11 ++-
.../hp/hp-switch-default-login.yaml | 74 ++++++++-------
.../huawei-HG532e-default-router-login.yaml | 77 ++++++++-------
.../ibm/ibm-mqseries-default-login.yaml | 95 ++++++++++---------
.../ibm/ibm-storage-default-credential.yaml | 12 ++-
.../idemia-biometrics-default-login.yaml | 13 ++-
.../iptime/iptime-default-login.yaml | 10 ++
default-logins/jboss/jmx-default-login.yaml | 12 ++-
default-logins/jenkins/jenkins-default.yaml | 10 +-
.../kafka-center-default-login.yaml | 12 ++-
default-logins/minio/minio-default-login.yaml | 10 ++
.../mofi/mofi4500-default-login.yaml | 12 ++-
.../nagios/nagios-default-login.yaml | 10 ++
.../netsus/netsus-default-login.yaml | 8 ++
default-logins/nexus/nexus-default-login.yaml | 8 ++
default-logins/nps/nps-default-login.yaml | 10 ++
default-logins/ofbiz/ofbiz-default-login.yaml | 10 ++
.../businessintelligence-default-login.yaml | 10 ++
.../paloalto/panos-default-login.yaml | 14 ++-
.../panabit/panabit-default-login.yaml | 12 ++-
.../pentaho/pentaho-default-login.yaml | 86 +++++++++--------
.../rabbitmq/rabbitmq-default-login.yaml | 12 ++-
28 files changed, 408 insertions(+), 170 deletions(-)
diff --git a/cves/2010/CVE-2010-1715.yaml b/cves/2010/CVE-2010-1715.yaml
index fff88827c5..62eb5fa734 100644
--- a/cves/2010/CVE-2010-1715.yaml
+++ b/cves/2010/CVE-2010-1715.yaml
@@ -1,16 +1,17 @@ id: CVE-2010-1715 + info: name: Joomla! Component Online Exam 1.5.0 - Local File Inclusion author: daffainfo severity: high description: A directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. - remediation: Upgrade to a supported version. reference: - https://www.exploit-db.com/exploits/12174 - https://www.cvedetails.com/cve/CVE-2010-1715 tags: cve,cve2010,joomla,lfi classification: cve-id: CVE-2010-1715 + requests: - method: GET path: @@ -23,4 +24,5 @@ requests: - type: status status: - 200 -# Enhanced by mp on 2022/02/15 + +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/google/google-earth-dlogin.yaml b/default-logins/google/google-earth-dlogin.yaml index f6c4e88387..c93cded748 100644 --- a/default-logins/google/google-earth-dlogin.yaml +++ b/default-logins/google/google-earth-dlogin.yaml @@ -14,6 +14,11 @@ sudo /opt/google/gehttpd/bin/htpasswd -c - https://www.opengee.org/geedocs/5.2.2/answer/3470759.html metadata: shodan-query: 'title:"GEE Server"' + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -42,4 +47,4 @@ requests: - 'DashboardPanel' - 'Earth Enterprise Server' -# Enhanced by mp on 2022/03/08 +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/gophish/gophish-default-login.yaml b/default-logins/gophish/gophish-default-login.yaml index 0f459602a9..51c95010f1 100644 --- a/default-logins/gophish/gophish-default-login.yaml +++ b/default-logins/gophish/gophish-default-login.yaml 
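Review bot: The `info` block of cves/2010/CVE-2010-1715.yaml is left without a `remediation` field, because the first hunk deletes `remediation: Upgrade to a supported version.` and puts nothing in its place. A finding raised by this template then carries no guidance for whoever has to act on it. If the line was judged too generic for the dashboard, replace it with more specific wording rather than dropping the field; otherwise keep it as it was.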
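Review bot: `cve-id:` in the `classification` block added to default-logins/google/google-earth-dlogin.yaml has no value, which YAML loads as null rather than as "no CVE"; the same empty key is added in every other default-logins file in this patch. Omit the key when there is no CVE so that consumers of the metadata do not have to special-case null. The vector `CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L` is also pasted unchanged into almost all of these templates, whatever the default account can do on the product; a short comment on why low confidentiality, integrity and availability impact was chosen for an administrative login would help anyone triaging on the score.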
@@ -8,6 +8,11 @@ info: description: For versions of Gophish > 0.10.1, the temporary administrator credentials are printed in the logs when you first execute the Gophish binary. reference: - https://docs.getgophish.com/user-guide/getting-started + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -48,4 +53,4 @@ requests: - "status_code==302" condition: and -# Enhanced by mp on 2022/03/08 +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/grafana/grafana-default-login.yaml b/default-logins/grafana/grafana-default-login.yaml index 9e8c850386..88ad944920 100644 --- a/default-logins/grafana/grafana-default-login.yaml +++ b/default-logins/grafana/grafana-default-login.yaml @@ -5,10 +5,16 @@ info: author: pdteam severity: high tags: grafana,default-login + description: Grafana default admin login credentials were detected. reference: - https://grafana.com/docs/grafana/latest/administration/configuration/#disable_brute_force_login_protection - https://stackoverflow.com/questions/54039604/what-is-the-default-username-and-password-for-grafana-login-page - https://github.com/grafana/grafana/issues/14755 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -46,3 +52,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/guacamole/guacamole-default-login.yaml b/default-logins/guacamole/guacamole-default-login.yaml index 3ab8960dd6..9f657da78c 100644 --- a/default-logins/guacamole/guacamole-default-login.yaml +++ b/default-logins/guacamole/guacamole-default-login.yaml 
@@ -5,7 +5,13 @@ info: author: r3dg33k severity: high tags: guacamole,default-login - reference: https://wiki.debian.org/Guacamole#:~:text=You%20can%20now%20access%20the,password%20are%20both%20%22guacadmin%22. + description: Guacamole default admin login credentials were detected. + reference: https://wiki.debian.org/Guacamole#:~:text=You%20can%20now%20access%20the,password%20are%20both%20%22guacadmin%22 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -41,4 +47,6 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 + +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/hongdian/hongdian-default-login.yaml b/default-logins/hongdian/hongdian-default-login.yaml index a1549c0fa0..1ca17e5a22 100644 --- a/default-logins/hongdian/hongdian-default-login.yaml +++ b/default-logins/hongdian/hongdian-default-login.yaml @@ -4,7 +4,15 @@ info: name: Hongdian Default Login author: gy741 severity: high + description: Hongdian default login information was detected. tags: hongdian,default-login + reference: + - https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -46,3 +54,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/hortonworks/smartsense-default-login.yaml b/default-logins/hortonworks/smartsense-default-login.yaml index 0bddf7fce8..97577393c2 100644 --- a/default-logins/hortonworks/smartsense-default-login.yaml +++ b/default-logins/hortonworks/smartsense-default-login.yaml 
@@ -4,9 +4,14 @@ info: name: HortonWorks SmartSense Default Login author: Techryptic (@Tech) severity: high - description: Default Login of admin:admin on HortonWorks SmartSense application. + description: HortonWorks SmartSense default admin login information was detected. reference: https://docs.cloudera.com/HDPDocuments/SS1/SmartSense-1.2.2/bk_smartsense_admin/content/manual_server_login.html tags: hortonworks,smartsense,default-login + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -35,4 +40,6 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 + +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/hp/hp-switch-default-login.yaml b/default-logins/hp/hp-switch-default-login.yaml index 1b5d3bd755..6068ca88f4 100644 --- a/default-logins/hp/hp-switch-default-login.yaml +++ b/default-logins/hp/hp-switch-default-login.yaml 
@@ -1,33 +1,41 @@ -id: hp-switch-default-login -info: - name: HP 1820-8G Switch J9979A Default Credential - author: pussycat0x - severity: high - reference: https://support.hpe.com/hpesc/public/docDisplay?docId=a00077779en_us&docLocale=en_US - metadata: - fofa-query: 'HP 1820-8G Switch J9979A' - tags: default-login,hp - -requests: - - raw: - - | - POST /htdocs/login/login.lua HTTP/1.1 - Host: {{Hostname}} - - username={{username}}&password= - - payloads: - username: - - admin - - matchers-condition: and - matchers: - - type: word - condition: and - words: - - '"redirect": "/htdocs/pages/main/main.lsp"' - - '"error": ""' - - - type: status - status: - - 200 +id: hp-switch-default-login +info: + name: HP 1820-8G Switch J9979A Default Login + author: pussycat0x + severity: high + description: HP 1820-8G Switch J9979A default admin login credentials were discovered. + reference: https://support.hpe.com/hpesc/public/docDisplay?docId=a00077779en_us&docLocale=en_US + metadata: + fofa-query: 'HP 1820-8G Switch J9979A' + tags: default-login,hp + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 + +requests: + - raw: + - | + POST /htdocs/login/login.lua HTTP/1.1 + Host: {{Hostname}} + + username={{username}}&password= + + payloads: + username: + - admin + + matchers-condition: and + matchers: + - type: word + condition: and + words: + - '"redirect": "/htdocs/pages/main/main.lsp"' + - '"error": ""' + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/huawei/huawei-HG532e-default-router-login.yaml b/default-logins/huawei/huawei-HG532e-default-router-login.yaml index 648cef8262..bac3b1d30e 100644 --- a/default-logins/huawei/huawei-HG532e-default-router-login.yaml +++ b/default-logins/huawei/huawei-HG532e-default-router-login.yaml 
@@ -1,34 +1,43 @@ -id: huawei-HG532e-default-login -info: - name: Huawei HG532e Default Credential - author: pussycat0x - severity: high - metadata: - shodan-query: http.html:"HG532e" - tags: default-login,huawei - -requests: - - raw: - - | - POST /index/login.cgi HTTP/1.1 - Host: {{Hostname}} - Cookie: Language=en; FirstMenu=Admin_0; SecondMenu=Admin_0_0; ThirdMenu=Admin_0_0_0 - Content-Type: application/x-www-form-urlencoded - - Username=user&Password=MDRmODk5NmRhNzYzYjdhOTY5YjEwMjhlZTMwMDc1NjllYWYzYTYzNTQ4NmRkYWIyMTFkNTEyYzg1YjlkZjhmYg%3D%3D - - matchers-condition: and - matchers: - - type: word - part: header - words: - - 'Set-Cookie: SessionID' - - - type: word - part: body - words: - - "replace" - - - type: status - status: - - 200 +id: huawei-HG532e-default-login + +info: + name: Huawei HG532e Default Credential + description: Huawei HG532e default admin credentials were discovered. + author: pussycat0x + severity: high + metadata: + shodan-query: http.html:"HG532e" + tags: default-login,huawei + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 + +requests: + - raw: + - | + POST /index/login.cgi HTTP/1.1 + Host: {{Hostname}} + Cookie: Language=en; FirstMenu=Admin_0; SecondMenu=Admin_0_0; ThirdMenu=Admin_0_0_0 + Content-Type: application/x-www-form-urlencoded + + Username=user&Password=MDRmODk5NmRhNzYzYjdhOTY5YjEwMjhlZTMwMDc1NjllYWYzYTYzNTQ4NmRkYWIyMTFkNTEyYzg1YjlkZjhmYg%3D%3D + + matchers-condition: and + matchers: + - type: word + part: header + words: + - 'Set-Cookie: SessionID' + + - type: word + part: body + words: + - "replace" + + - type: status + status: + - 200 + +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/ibm/ibm-mqseries-default-login.yaml b/default-logins/ibm/ibm-mqseries-default-login.yaml index 78424d3229..1212e832be 100644 --- a/default-logins/ibm/ibm-mqseries-default-login.yaml +++ b/default-logins/ibm/ibm-mqseries-default-login.yaml 
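Review bot: The new `description` in huawei-HG532e-default-router-login.yaml says default admin credentials were discovered, but the raw request posts `Username=user` with a fixed encoded password, so a match reports the `user` account. Whether that account has administrative rights is not visible in the template; unless it does, word the line as `description: Huawei HG532e default login credentials were discovered.` so the finding is not overstated. A one-line comment above the raw request saying which account and password the encoded `Password` value stands for would also make the template auditable.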
@@ -1,44 +1,51 @@ -id: ibm-mqseries-default-login - -info: - name: IBM MQSeries web console default login - author: righettod - severity: high - description: The remote host is running IBM MQ and REST API and is using default credentials. An unauthenticated, remote attacker can exploit this gain privileged or administrator access to the system. - tags: ibm,default-login - reference: - - https://github.com/ibm-messaging/mq-container/blob/master/etc/mqm/mq.htpasswd - - https://vulners.com/nessus/IBM_MQ_DEFAULT_CREDENTIALS.NASL - -requests: - - raw: - - | - POST /ibmmq/console/j_security_check HTTP/1.1 - Host: {{Hostname}} - Origin: {{RootURL}} - Content-Type: application/x-www-form-urlencoded - Referer: {{RootURL}}/ibmmq/console/login.html - - j_username={{username}}&j_password={{password}} - - attack: pitchfork - payloads: - username: - - admin - - app - - mqadmin - password: - - passw0rd - - passw0rd - - mqadmin - - matchers-condition: and - matchers: - - type: word - part: header - words: - - "LtpaToken2_" - - - type: status - status: - - 302 \ No newline at end of file +id: ibm-mqseries-default-login + +info: + name: IBM MQSeries Web Console Default Login + author: righettod + severity: high + description: IBM MQ and REST API default admin credentials were discovered. An unauthenticated, remote attacker can exploit this gain privileged or administrator access to the system. 
+ tags: ibm,default-login + reference: + - https://github.com/ibm-messaging/mq-container/blob/master/etc/mqm/mq.htpasswd + - https://vulners.com/nessus/IBM_MQ_DEFAULT_CREDENTIALS.NASL + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 + +requests: + - raw: + - | + POST /ibmmq/console/j_security_check HTTP/1.1 + Host: {{Hostname}} + Origin: {{RootURL}} + Content-Type: application/x-www-form-urlencoded + Referer: {{RootURL}}/ibmmq/console/login.html + + j_username={{username}}&j_password={{password}} + + attack: pitchfork + payloads: + username: + - admin + - app + - mqadmin + password: + - passw0rd + - passw0rd + - mqadmin + + matchers-condition: and + matchers: + - type: word + part: header + words: + - "LtpaToken2_" + + - type: status + status: + - 302 + +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/ibm/ibm-storage-default-credential.yaml b/default-logins/ibm/ibm-storage-default-credential.yaml index 366094a9af..551f02c9fe 100644 --- a/default-logins/ibm/ibm-storage-default-credential.yaml +++ b/default-logins/ibm/ibm-storage-default-credential.yaml @@ -3,8 +3,16 @@ id: ibm-storage-default-login info: name: IBM Storage Management Default Login author: madrobot - severity: medium + severity: high tags: default-login,ibm,storage + description: IBM Storage Management default admin login credentials were discovered. + reference: + - https://www.ibm.com/docs/en/power-sys-solutions/0008-ESS?topic=5148-starting-elastic-storage-server-management-server-gui + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -40,3 +48,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/idemia/idemia-biometrics-default-login.yaml b/default-logins/idemia/idemia-biometrics-default-login.yaml index 959da5926b..819cd0e0c3 100644 
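Review bot: The rewritten `description` in ibm-mqseries-default-login.yaml keeps the broken sentence "can exploit this gain privileged or administrator access" and now says "default admin credentials", while the payload list tries `admin`, `app` and `mqadmin`. Suggest `description: IBM MQ and REST API default credentials were discovered. An unauthenticated, remote attacker can exploit this to gain privileged or administrator access to the system.` The added line also seems to end differently from its neighbours (the page breaks right after "system."), so check it for trailing whitespace or a stray carriage return.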
--- a/default-logins/idemia/idemia-biometrics-default-login.yaml +++ b/default-logins/idemia/idemia-biometrics-default-login.yaml @@ -3,10 +3,15 @@ id: idemia-biometrics-default-login info: name: IDEMIA BIOMetrics Default Login author: Techryptic (@Tech) - severity: high - description: Default Login of password=12345 on IDEMIA BIOMetrics application. + severity: medium + description: IDEMIA BIOMetrics application default login credentials were discovered. reference: https://www.google.com/search?q=idemia+password%3D+"12345" tags: idemia,biometrics,default-login + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N + cvss-score: 5.8 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -36,4 +41,6 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 + +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/iptime/iptime-default-login.yaml b/default-logins/iptime/iptime-default-login.yaml index d6a42f5490..f81d2f8f3c 100644 --- a/default-logins/iptime/iptime-default-login.yaml +++ b/default-logins/iptime/iptime-default-login.yaml @@ -4,7 +4,15 @@ info: name: ipTIME Default Login author: gy741 severity: high + description: ipTIME default admin credentials were discovered. tags: iptime,default-login + reference: + - https://www.freewebtools.com/IPTIME/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -35,3 +43,5 @@ requests: - "login.cgi" part: body condition: and + +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/jboss/jmx-default-login.yaml b/default-logins/jboss/jmx-default-login.yaml index de4e66a812..bd24dd25e0 100644 --- a/default-logins/jboss/jmx-default-login.yaml +++ b/default-logins/jboss/jmx-default-login.yaml 
@@ -1,10 +1,18 @@ id: jmx-default-login info: - name: JBoss JMX Console Weak Credential + name: JBoss JMX Console Weak Credential Discovery + description: JBoss JMX Console default login information was discovered. author: paradessia severity: high tags: jboss,jmx,default-login + reference: + - https://docs.jboss.org/jbossas/6/Admin_Console_Guide/en-US/html/Administration_Console_User_Guide-Accessing_the_Console.html + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -36,3 +44,5 @@ requests: - type: word words: - 'JMImplementation' + +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/jenkins/jenkins-default.yaml b/default-logins/jenkins/jenkins-default.yaml index 2f2d3c8ef9..5209334216 100644 --- a/default-logins/jenkins/jenkins-default.yaml +++ b/default-logins/jenkins/jenkins-default.yaml @@ -1,10 +1,16 @@ id: jenkins-weak-password info: - name: Jenkins Weak Password + name: Jenkins Default Login author: Zandros0 severity: high tags: jenkins,default-login + description: Jenkins default admin login information was discovered. + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -49,3 +55,5 @@ requests: dsl: - 'contains(body_3, "/logout")' - 'contains(body_3, "Dashboard [Jenkins]")' + +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/kafka-center-default-login.yaml b/default-logins/kafka-center-default-login.yaml index 644b8f35b9..6de21b6717 100644 --- a/default-logins/kafka-center-default-login.yaml +++ b/default-logins/kafka-center-default-login.yaml 
@@ -1,12 +1,20 @@ id: kafka-center-default-login info: - name: Kafka Center Default Login + name: Apache Kafka Center Default Login author: dhiyaneshDK severity: high tags: kafka,default-login + description: Apache Kafka Center default admin credentials were discovered. + reference: + - https://developer.ibm.com/tutorials/kafka-authn-authz/ metadata: shodan-query: http.title:"Kafka Center" + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -36,3 +44,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/minio/minio-default-login.yaml b/default-logins/minio/minio-default-login.yaml index d9338fbaf2..20fffbb250 100644 --- a/default-logins/minio/minio-default-login.yaml +++ b/default-logins/minio/minio-default-login.yaml @@ -5,6 +5,14 @@ info: author: pikpikcu severity: medium tags: default-login,minio + description: Minio default admin credentials were discovered. + reference: + - https://docs.min.io/docs/minio-quickstart-guide.html# + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -40,3 +48,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/mofi/mofi4500-default-login.yaml b/default-logins/mofi/mofi4500-default-login.yaml index 3260fac23c..d13f599b45 100644 --- a/default-logins/mofi/mofi4500-default-login.yaml +++ b/default-logins/mofi/mofi4500-default-login.yaml 
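Review bot: The reference added to kafka-center-default-login.yaml, `https://developer.ibm.com/tutorials/kafka-authn-authz/`, is by its URL a general Kafka authentication tutorial and does not look like a source for Kafka Center's default account. The rename to "Apache Kafka Center" also attributes the product to Apache, which nothing in the hunk supports. Link the product's own documentation of the default login and confirm the vendor name before changing `name`. The references added for NPS (a Micro Focus NNMi hardening page) and RabbitMQ (a Coveo help page) deserve the same check against the product each template actually targets.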
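Review bot: `severity: medium` is left unchanged in minio-default-login.yaml while the added classification gives `cvss-score: 8.3`, which falls in the CVSS v3 High band; the patch corrects this kind of mismatch in ibm-storage and mofi4500 but not here. ofbiz-default-login.yaml has the same medium/8.3 pair, and panabit-default-login.yaml keeps `severity: high` next to `cvss-score: 5.8`. Set `severity: high` for minio and ofbiz, and for panabit either lower the severity to `medium` or revisit the vector, so that filtering by severity and sorting by score give the same answer.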
@@ -3,8 +3,16 @@ id: mofi4500-default-login info: name: MOFI4500-4GXeLTE-V2 Default Login author: pikpikcu - severity: critical + severity: high tags: mofi,default-login + description: Mofi Network MOFI4500-4GXELTE wireless router default admin credentials were discovered. + reference: + - https://www.cleancss.com/router-default/Mofi_Network/MOFI4500-4GXELTE + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -31,3 +39,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/nagios/nagios-default-login.yaml b/default-logins/nagios/nagios-default-login.yaml index 8fb3713825..9b4cbecca4 100644 --- a/default-logins/nagios/nagios-default-login.yaml +++ b/default-logins/nagios/nagios-default-login.yaml @@ -1,10 +1,18 @@ id: nagios-default-login + info: name: Nagios Default Login author: iamthefrogy + description: Nagios default admin credentials were discovered. severity: high tags: nagios,default-login reference: https://www.nagios.org + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 + requests: - raw: - | @@ -32,3 +40,5 @@ requests: - 'Current Status' - 'Reports' condition: and + +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/netsus/netsus-default-login.yaml b/default-logins/netsus/netsus-default-login.yaml index 266acecad6..746b8a73bb 100644 --- a/default-logins/netsus/netsus-default-login.yaml +++ b/default-logins/netsus/netsus-default-login.yaml @@ -4,9 +4,15 @@ info: name: NetSUS Server Default Login author: princechaddha severity: high + description: NetSUS Server default admin credentials were discovered. metadata: shodan-query: 'http.title:"NetSUS Server Login"' tags: netsus,default-login + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: 
@@ -35,3 +41,5 @@ requests: - type: status status: - 302 + +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/nexus/nexus-default-login.yaml b/default-logins/nexus/nexus-default-login.yaml index 4decf4e751..6880dc686f 100644 --- a/default-logins/nexus/nexus-default-login.yaml +++ b/default-logins/nexus/nexus-default-login.yaml @@ -3,8 +3,14 @@ id: nexus-default-login info: name: Nexus Default Login author: pikpikcu + description: Nexus default admin credentials were discovered. severity: high tags: nexus,default-login + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -34,3 +40,5 @@ requests: - "NXSESSIONID" part: header condition: and + +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/nps/nps-default-login.yaml b/default-logins/nps/nps-default-login.yaml index 5768136961..ae3d2c7767 100644 --- a/default-logins/nps/nps-default-login.yaml +++ b/default-logins/nps/nps-default-login.yaml @@ -4,7 +4,15 @@ info: name: NPS Default Login author: pikpikcu severity: high + description: NPS default admin credentials were discovered. tags: nps,default-login + reference: + - https://docs.microfocus.com/NNMi/10.30/Content/Administer/Hardening/confCC2b_pwd.htm + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -39,3 +47,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/ofbiz/ofbiz-default-login.yaml b/default-logins/ofbiz/ofbiz-default-login.yaml index e30d6504ec..266b9cb6b3 100644 --- a/default-logins/ofbiz/ofbiz-default-login.yaml +++ b/default-logins/ofbiz/ofbiz-default-login.yaml 
@@ -3,8 +3,16 @@ id: ofbiz-default-login info: name: Apache OfBiz Default Login author: pdteam + description: Apache OfBiz default admin credentials were discovered. severity: medium tags: ofbiz,default-login,apache + reference: + - https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Technical+Production+Setup+Guide + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -28,3 +36,5 @@ requests: - "ofbiz-pagination-template" - "Powered by OFBiz" condition: and + +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/oracle/businessintelligence-default-login.yaml b/default-logins/oracle/businessintelligence-default-login.yaml index a89df1808c..7aa3769e5b 100644 --- a/default-logins/oracle/businessintelligence-default-login.yaml +++ b/default-logins/oracle/businessintelligence-default-login.yaml @@ -3,8 +3,16 @@ id: oracle-business-intelligence-login info: name: Oracle Business Intelligence Default Login author: milo2012 + description: Oracle Business Intelligence default admin credentials were discovered. severity: high tags: oracle,default-login + reference: + - https://docs.oracle.com/cd/E12096_01/books/AnyDeploy/AnyDeployMisc2.html + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -43,3 +51,5 @@ requests: words: - 'createSessionReturn' part: body + +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/paloalto/panos-default-login.yaml b/default-logins/paloalto/panos-default-login.yaml index 2e218f2bc2..d08faa6f8d 100644 --- a/default-logins/paloalto/panos-default-login.yaml +++ b/default-logins/paloalto/panos-default-login.yaml 
@@ -4,9 +4,15 @@ info: name: Palo Alto Networks PAN-OS Default Login author: Techryptic (@Tech) severity: high - description: Default Login of admin:admin on Palo Alto Networks PAN-OS application. - reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/integrate-the-firewall-into-your-management-network/perform-initial-configuration.html#:~:text=By%20default%2C%20the%20firewall%20has,with%20other%20firewall%20configuration%20tasks. + description: Palo Alto Networks PAN-OS application default admin credentials were discovered. + reference: + - https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/integrate-the-firewall-into-your-management-network/perform-initial-configuration.html#:~:text=By%20default%2C%20the%20firewall%20has,with%20other%20firewall%20configuration%20tasks. tags: panos,default-login + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -37,4 +43,6 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 + +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/panabit/panabit-default-login.yaml b/default-logins/panabit/panabit-default-login.yaml index d790a10942..b7da1ac7c5 100644 --- a/default-logins/panabit/panabit-default-login.yaml +++ b/default-logins/panabit/panabit-default-login.yaml @@ -4,8 +4,16 @@ info: name: Panabit Gateway Default Login author: pikpikcu severity: high - reference: https://max.book118.com/html/2017/0623/117514590.shtm + description: Panabit Gateway default credentials were discovered. tags: panabit,default-login + reference: + - https://max.book118.com/html/2017/0623/117514590.shtm + - https://en.panabit.com/wp-content/uploads/Panabit-Intelligent-Application-Gateway-04072020.pdf + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N + cvss-score: 5.8 + cve-id: + cwe-id: CWE-522 requests: - raw: 
@@ -47,3 +55,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/03/10 diff --git a/default-logins/pentaho/pentaho-default-login.yaml b/default-logins/pentaho/pentaho-default-login.yaml index a91dfc9bd8..895781a8a6 100644 --- a/default-logins/pentaho/pentaho-default-login.yaml +++ b/default-logins/pentaho/pentaho-default-login.yaml @@ -1,38 +1,48 @@ -id: pentaho-default-login - -info: - name: Pentaho Default Login - author: pussycat0x - severity: high - metadata: - shodan-query: pentaho - tags: pentaho,default-login - -requests: - - raw: - - | - POST /pentaho/j_spring_security_check HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - - j_username={{user}}&j_password={{pass}} - - attack: pitchfork - payloads: - user: - - admin - pass: - - password - - matchers-condition: and - matchers: - - type: word - part: header - words: - - 'pentaho/Home' - - 'JSESSIONID=' - condition: and - - - type: status - status: - - 302 +id: pentaho-default-login + +info: + name: Pentaho Default Login + author: pussycat0x + description: Pentaho default admin credentials were discovered. + severity: high + metadata: + shodan-query: pentaho + tags: pentaho,default-login + reference: + - https://www.hitachivantara.com/en-us/pdfd/training/pentaho-lesson-1-user-console-overview.pdf + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 + +requests: + - raw: + - | + POST /pentaho/j_spring_security_check HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + + j_username={{user}}&j_password={{pass}} + + attack: pitchfork + payloads: + user: + - admin + pass: + - password + + matchers-condition: and + matchers: + - type: word + part: header + words: + - 'pentaho/Home' + - 'JSESSIONID=' + condition: and + + - type: status + status: + - 302 + +# Enhanced by mp on 2022/03/10 
diff --git a/default-logins/rabbitmq/rabbitmq-default-login.yaml b/default-logins/rabbitmq/rabbitmq-default-login.yaml index 4497061308..fba1be66cd 100644 --- a/default-logins/rabbitmq/rabbitmq-default-login.yaml +++ b/default-logins/rabbitmq/rabbitmq-default-login.yaml @@ -1,10 +1,18 @@ id: rabbitmq-default-login info: - name: RabbitMQ admin Default Login + name: RabbitMQ Default Login author: fyoorer,dwisiswant0 severity: high + description: RabbitMQ default admin credentials were discovered. tags: rabbitmq,default-login + reference: + - https://onlinehelp.coveo.com/en/ces/7.0/administrator/changing_the_rabbitmq_administrator_password.htm + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cve-id: + cwe-id: CWE-522 requests: - raw: @@ -34,3 +42,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/03/10