Description

Apache Axis2 administration console is using a weak password. Acunetix was able to guess the credentials required to access this page. A weak password is short, common, a system default, or something that could be rapidly guessed by executing a brute force attack using a subset of all possible passwords, such as words in the dictionary, proper names, words based on the user name or common variations on these themes.

Remediation

Enforce a strong password policy. Don't permit weak passwords or passwords based on dictionary words.

References

Wikipedia - Password strength

Authentication Hacking Attacks

Apache Axis2 Web Administrator's Guide

Related Vulnerabilities

WordPress Plugin WordPress Backup to Dropbox Information Disclosure (4.7.1)

Full public read access Azure blob storage

Piwigo Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3790)

WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.29)

WordPress Plugin Store Locator Plus for WordPress Multiple Vulnerabilities (3.0.1)

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration Bruteforce Possible Weak Credentials