Hello, It appears that the Cisco VG248 voip system ships with a blank password on the telnet connection for configuration (at least all of ours showed up like that). Scanning with nessus returned garbage for a banner when it connected on port 23 and no other "Blank Password" scripts caught the problem. Attached is a script that specifically looks for the "Configure" option when it connects and returns a "security hole" alert. The reason for choosing "Configure" over the units cisco name is that the "Cisco VG248" name appears both on the configuration page and on the login if the password is enabled. The script does not limit its search to port 23. This is a non-intrusive script.
_______________________________________________ Plugins-writers mailing list Plugins-writers@private http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2.1.3 : Tue Jul 26 2005 - 09:56:36 PDT