PRTG Network Monitor Default Login Scanner
This scanner detects the use of PRTG Network Monitor in digital assets. It identifies if default login credentials are used, which pose a security risk.
Short Info
Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 1 minute
Time Interval: 22 days 2 hours
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
PRTG Network Monitor is a monitoring solution used by network administrators to track the performance and availability of hardware, along with application services in networks. It's employed in a variety of IT environments from small businesses to large enterprises for proactive monitoring and problem resolution. Paessler, the vendor, provides comprehensive alerting and reporting features, allowing for quick insights and responses to network issues. The software is recognized for its ease of use, scalability, and the ability to integrate into existing IT infrastructure. On-premises and cloud hosting options offer flexibility in deployment, meeting diverse needs of different organizations to ensure reliable network operation and performance management.
A Default Login vulnerability exists in PRTG Network Monitor, characterized by the presence of hardcoded credentials. This vulnerability can pose serious security threats, as attackers may gain unauthorized access using these static credentials. When exploited, it allows unauthorized individuals to access sensitive data or control crucial network functionality. It points to problems with initial configuration or insufficient administrative measures to change default settings, which lead to potential risks in network security. Understanding and identifying this vulnerability is key to ensuring that robust security practices are in place proactively.
The vulnerability specifically involves the use of a default username and password, "prtgadmin," which is hardcoded in the system. Attackers can exploit this through a simple HTTP POST request to the endpoint "/public/checklogin.htm" with the static credentials. Upon successful exploitation, a redirect (HTTP 302) to the homepage or dashboard indicates an unauthorized login. The scanner's matcher conditions verify the presence of specific header words and status codes to confirm the vulnerability. This points to a misconfiguration in which administrators have not followed the security best practice of changing default login settings.
An exploited Default Login vulnerability can have severe consequences for an organization. Attackers could access confidential information and alter or corrupt important data, leading to data loss or manipulation. Control over the monitoring system might be abused to disrupt network services or conceal malicious activities. The presence of default credentials also serves as an entry point for further attacks on the network. Such security lapses could result in compliance violations, financial losses, and reputational damage.