Main Vulnerability Database Vulnerabilities #VU38893

Use of hard-coded credentials in Nagios - CVE-2016-0726

Published: June 6, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38893

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2016-0726

CWE-ID: CWE-798

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: nagios.org

Affected software:
Nagios

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.

How to mitigate CVE-2016-0726

Install update from vendor's website.

Sources

https://bugzilla.redhat.com/show_bug.cgi?id=1295446

Use of hard-coded credentials in Nagios - CVE-2016-0726

Detailed vulnerability description

How to mitigate CVE-2016-0726

Sources

Please verify you're human