CVE-2016-0726
First published: Mon Jan 04 2016(Updated: )
It was found that default configuration for nagios on Fedora is administrative account with user "nagiosadmin" with fixed password "nagiosadmin" and no IP based access restriction. This information is missing in packaged README file. Original report: <a class="bz_bug_link bz_secure " title="" href="show_bug.cgi?id=1295155">https://bugzilla.redhat.com/show_bug.cgi?id=1295155</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nagios Plugins |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-0726?
CVE-2016-0726 is considered a high severity vulnerability due to the use of default credentials and lack of access restrictions.
How do I fix CVE-2016-0726?
To fix CVE-2016-0726, change the default password for the nagiosadmin account and implement IP-based access controls.
What software is affected by CVE-2016-0726?
CVE-2016-0726 affects Nagios software, specifically versions that use the default configuration.
Can CVE-2016-0726 be exploited remotely?
Yes, CVE-2016-0726 can be exploited remotely due to the lack of access restrictions for the nagiosadmin account.
Is there a patch available for CVE-2016-0726?
There is no specific patch for CVE-2016-0726; mitigation involves changing default settings and enhancing security measures.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-0726
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/nagios
- canonical/nagios plugins