AMD Pensando PSM Default Login Scanner
This scanner detects the use of AMD Pensando PSM in digital assets.
Short Info
Level
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
1 month 3 weeks
Scan only one
Domain, Subdomain, IPv4
Toolbox
AMD Pensando PSM is a Policy and Services Manager used by various organizations to manage networking and security services. It plays a critical role in enhancing the efficiency and management of network operations. IT administrators and network managers utilize this software to configure and monitor data center networks. The software is often deployed in enterprise environments where maintaining secure networks is essential. Its primary function is to offer services and policies that assist in data center operations. Due to its extensive functionality, it is crucial that this software is kept secure and configurations are properly managed.
The scanner detects the presence of a default login vulnerability in the AMD Pensando PSM software. If exploited, unauthorized individuals might gain access using default credentials. This detection aims to identify systems vulnerable due to unchanged default passwords. Default login usage presents serious security risks, especially in sensitive environments. The scanner checks for the presence of default username and password combinations. Monitoring and securing default logins is crucial for maintaining network security.
Technically, the vulnerability can be exploited if the default admin credentials are not updated. The scanner sends requests to endpoints to identify default login vulnerabilities. Specifically, the detection process involves checking the default "admin" username and "Pensando0$" password. The scanner verifies successful login attempts by accessing a specific endpoint that confirms administrative access. The vulnerable endpoint typically involves the /v1/login API endpoint. The scanner ensures that systems are flagged if these weak credentials grant access.
An exploited default login vulnerability can lead to unauthorized access, data leakage, and potential manipulation of network configurations. Malicious actors could gain full control over network services and policies. Attackers might leverage compromised access to introduce malware or disrupt services. Unauthorized users could exfiltrate sensitive data, leading to non-compliance with data protection regulations. Failure to address default credential issues can result in significant security breaches. Ensuring robust authentication mechanisms is vital to thwart such exploitations.
REFERENCES
