Asset: 1.1.1.1
Asset Name: USAMYCOMPUTERNAME
IP Address: 1.1.1.1
Network: other.other
Description:
Asset Weight:
Vuln Count: 1
CVSS Risk: 8371.30

Vulnerabilities
ID = Vulnerability ID
Ordered By: Risk (Base Score)

ID: 95016
Title: Login Found with Known Default Credentials
Dates:
  Last Modified: 07/18/2019
  Disclosure: 01/01/1970
  Discovery: 01/01/1970
  Last Seen: 02/23/2019
  First Seen: 02/23/2019
Vulnerability Profile:
  CVSS Base Score (Source): 7.50 (http://nvd.nist.gov)
  Affected Services (And Ports): netbios-ssn:139
  PCI Compliance Status: Fail
Vuln Details:
  Details:
    (u):Administrator
    (p):password
  Descriptions:
    - A user account was found to have known default credentials.
  Concern:
    - Many applications come with default username and password combinations. However, these are also well published in lists and many malicious programs know to look for them. While the ultimate severity of this exposure will depend on the privilege level of the user account in question, this should be investigated and remediated quickly.
  Solution:
    - Disable the account or change the password to something difficult to guess.

    Unix: Disable login access to this Unix account if it is not needed.
    To remove login access for a Unix account:
      1. Edit the /etc/passwd file.
      2. Locate the account.
      3. Place an * (asterisk) in the password field.
      4. Place the string /bin/nologin in the shell field. An example of the /etc/passwd entry for a disabled Guest account should resemble the following:
         guest:*:2311:50:Guest User:/home/guest:/bin/nologin
      5. Save and exit the file.

    Windows: Change the password on this account to something difficult to guess, or disable login access to this Windows account.
    To change a password on a Windows account:
      1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
      2. Double-click the account to display the User Properties dialog box.
      3. In the Password field, type a new password.
      4. In the Confirm Password field, confirm the new password.
      5. Click OK.
    - OR -
    To disable login access to a Windows account:
      1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
      2. Double-click the account to display the User Properties dialog box.
      3. Select the Account Disabled check box.
      4. Click OK.

    Novell: To disable the chargen port as described in Novell Technical Information Document #2946023:
      1. Install NIAS4.0 or later.
      2. Load INETCFG —> Protocols —> TCP/IP, and set filter support to ENABLED.
      3. Load FILTCFG —> TCP/IP —> Packet Forwarding filters, and set the status to ENABLED.
      4. Verify that the action is Deny packets in filter list. Press ENTER on '(Filters: list of denied packets)'.
      5. Press INSERT go to packet type: Name: .
      6. Press ENTER, find the port chargen TCP 19.
      7. Press ENTER, ESCAPE, save filters: YES
  PCI Severity:
    - L2(High)

Asset: 1.1.1.1
Asset Name: USAMYCOMPUTERNAME2
IP Address: 1.1.1.1
Network: catch_all_networks.RFC1918
Description:
Asset Weight:
Vuln Count: 1
CVSS Risk: 7899.40

Vulnerabilities
ID = Vulnerability ID
Ordered By: Risk (Base Score)

ID: 95016
Title: Login Found with Known Default Credentials
Dates:
  Last Modified: 07/18/2019
  Disclosure: 01/01/1970
  Discovery: 01/01/1970
  Last Seen: 12/20/2019
  First Seen: 06/20/2019
Vulnerability Profile:
  CVSS Base Score (Source): 7.50 (http://nvd.nist.gov)
  Affected Services (And Ports): netbios-ssn:139,netbios-ssn:445
  PCI Compliance Status: Fail
Vuln Details:
  Details:
    Port: 139
    (u):manager
    (p):manager
  Descriptions:
    - A user account was found to have known default credentials.
  Concern:
    - Many applications come with default username and password combinations. However, these are also well published in lists and many malicious programs know to look for them. While the ultimate severity of this exposure will depend on the privilege level of the user account in question, this should be investigated and remediated quickly.
  Solution:
    - Disable the account or change the password to something difficult to guess.

    Unix: Disable login access to this Unix account if it is not needed.
    To remove login access for a Unix account:
      1. Edit the /etc/passwd file.
      2. Locate the account.
      3. Place an * (asterisk) in the password field.
      4. Place the string /bin/nologin in the shell field. An example of the /etc/passwd entry for a disabled Guest account should resemble the following:
         guest:*:2311:50:Guest User:/home/guest:/bin/nologin
      5. Save and exit the file.

    Windows: Change the password on this account to something difficult to guess, or disable login access to this Windows account.
    To change a password on a Windows account:
      1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
      2. Double-click the account to display the User Properties dialog box.
      3. In the Password field, type a new password.
      4. In the Confirm Password field, confirm the new password.
      5. Click OK.
    - OR -
    To disable login access to a Windows account:
      1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
      2. Double-click the account to display the User Properties dialog box.
      3. Select the Account Disabled check box.
      4. Click OK.

    Novell: To disable the chargen port as described in Novell Technical Information Document #2946023:
      1. Install NIAS4.0 or later.
      2. Load INETCFG —> Protocols —> TCP/IP, and set filter support to ENABLED.
      3. Load FILTCFG —> TCP/IP —> Packet Forwarding filters, and set the status to ENABLED.
      4. Verify that the action is Deny packets in filter list. Press ENTER on '(Filters: list of denied packets)'.
      5. Press INSERT go to packet type: Name: .
      6. Press ENTER, find the port chargen TCP 19.
      7. Press ENTER, ESCAPE, save filters: YES
  PCI Severity:
    - L2(High)

Asset: 1.1.1.1
Asset Name: MYCOMPUTERNAME3
IP Address: 1.1.1.1
Network: catch_all_networks.RFC1918
Description:
Asset Weight:
Vuln Count: 1
CVSS Risk: 7383.60

Vulnerabilities
ID = Vulnerability ID
Ordered By: Risk (Base Score)

ID: 95016
Title: Login Found with Known Default Credentials
Dates:
  Last Modified: 07/18/2019
  Disclosure: 01/01/1970
  Discovery: 01/01/1970
  Last Seen: 11/15/2019
  First Seen: 09/15/2019
Vulnerability Profile:
  CVSS Base Score (Source): 7.50 (http://nvd.nist.gov)
  Affected Services (And Ports): netbios-ssn:445,netbios-ssn:139
  PCI Compliance Status: Fail
Vuln Details:
  Details:
    Port: 445
    (u):Admin
    (p):Admin
  Descriptions:
    - A user account was found to have known default credentials.
  Concern:
    - Many applications come with default username and password combinations. However, these are also well published in lists and many malicious programs know to look for them. While the ultimate severity of this exposure will depend on the privilege level of the user account in question, this should be investigated and remediated quickly.
  Solution:
    - Disable the account or change the password to something difficult to guess.

    Unix: Disable login access to this Unix account if it is not needed.
    To remove login access for a Unix account:
      1. Edit the /etc/passwd file.
      2. Locate the account.
      3. Place an * (asterisk) in the password field.
      4. Place the string /bin/nologin in the shell field. An example of the /etc/passwd entry for a disabled Guest account should resemble the following:
         guest:*:2311:50:Guest User:/home/guest:/bin/nologin
      5. Save and exit the file.

    Windows: Change the password on this account to something difficult to guess, or disable login access to this Windows account.
    To change a password on a Windows account:
      1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
      2. Double-click the account to display the User Properties dialog box.
      3. In the Password field, type a new password.
      4. In the Confirm Password field, confirm the new password.
      5. Click OK.
    - OR -
    To disable login access to a Windows account:
      1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
      2. Double-click the account to display the User Properties dialog box.
      3. Select the Account Disabled check box.
      4. Click OK.

    Novell: To disable the chargen port as described in Novell Technical Information Document #2946023:
      1. Install NIAS4.0 or later.
      2. Load INETCFG —> Protocols —> TCP/IP, and set filter support to ENABLED.
      3. Load FILTCFG —> TCP/IP —> Packet Forwarding filters, and set the status to ENABLED.
      4. Verify that the action is Deny packets in filter list. Press ENTER on '(Filters: list of denied packets)'.
      5. Press INSERT go to packet type: Name: .
      6. Press ENTER, find the port chargen TCP 19.
      7. Press ENTER, ESCAPE, save filters: YES
  PCI Severity:
    - L2(High)