A Unix account has a default, null, blank, or missing password.
Published 1998-03-01 05:00:00
Updated 2022-08-17 08:15:13
Source MITRE
View at NVD,   CVE.org

Threat overview for CVE-1999-0502

Top countries where our scanners detected CVE-1999-0502
Top open port discovered on systems with this issue 554
IPs affected by CVE-1999-0502 2
Threat actors abusing to this issue? Yes
Find out if you* are affected by CVE-1999-0502!
*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-1999-0502

Probability of exploitation activity in the next 30 days: 1.30%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 84 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-1999-0502

  • VMWare Authentication Daemon Login Scanner
    First seen: 2020-04-26
    auxiliary/scanner/vmware/vmauthd_login
    This module will test vmauthd logins on a range of machines and report successful logins. Authors: - theLightCosine <theLightCosine@metasploit.com>
  • DB2 Authentication Brute Force Utility
    First seen: 2020-04-26
    auxiliary/scanner/db2/db2_auth
    This module attempts to authenticate against a DB2 instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. Authors: - todb <todb@metasploit.com>
  • Telnet Login Check Scanner
    First seen: 2020-04-26
    auxiliary/scanner/telnet/telnet_login
    This module will test a telnet login on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access. Authors: - egypt <eg
  • Joomla Bruteforce Login Utility
    First seen: 2020-04-26
    auxiliary/scanner/http/joomla_bruteforce_login
    This module attempts to authenticate to Joomla 2.5. or 3.0 through bruteforce attacks Authors: - luisco100 <luisco100@gmail.com>
  • PostgreSQL Login Utility
    First seen: 2020-04-26
    auxiliary/scanner/postgres/postgres_login
    This module attempts to authenticate against a PostgreSQL instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. Note that passwords may be either plaintext or MD5 formatted hashes. Authors: - todb
  • SSH Login Check Scanner
    First seen: 2020-04-26
    auxiliary/scanner/ssh/ssh_login
    This module will test ssh logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access. Authors: - todb <todb@me
  • NNTP Login Utility
    First seen: 2020-04-26
    auxiliary/scanner/nntp/nntp_login
    This module attempts to authenticate to NNTP services which support the AUTHINFO authentication extension. This module supports AUTHINFO USER/PASS authentication, but does not support AUTHINFO GENERIC or AUTHINFO SASL authentication methods. Authors:
  • D-Link DIR-300A / DIR-320 / DIR-615D HTTP Login Utility
    First seen: 2020-04-26
    auxiliary/scanner/http/dlink_dir_300_615_http_login
    This module attempts to authenticate to different D-Link HTTP management services. It has been tested on D-Link DIR-300 Hardware revision A, D-Link DIR-615 Hardware revision D and D-Link DIR-320 devices. It is possible that this module also works with other models.
  • FTP Authentication Scanner
    First seen: 2020-04-26
    auxiliary/scanner/ftp/ftp_login
    This module will test FTP logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access. Authors: - todb <todb@me
  • rsh Authentication Scanner
    First seen: 2020-04-26
    auxiliary/scanner/rservices/rsh_login
    This module will test a shell (rsh) service on a range of machines and report successful logins. NOTE: This module requires access to bind to privileged ports (below 1024). Authors: - jduck <jduck@metasploit.com>
  • Brocade Enable Login Check Scanner
    First seen: 2020-04-26
    auxiliary/scanner/telnet/brocade_enable_login
    This module will test a range of Brocade network devices for a privileged logins and report successes. The device authentication mode must be set as 'aaa authentication enable default local'. Telnet authentication, e.g. 'enable telnet authentication', should not
  • PcAnywhere Login Scanner
    First seen: 2020-04-26
    auxiliary/scanner/pcanywhere/pcanywhere_login
    This module will test pcAnywhere logins on a range of machines and report successful logins. Authors: - theLightCosine <theLightCosine@metasploit.com>
  • WinRM Login Utility
    First seen: 2020-04-26
    auxiliary/scanner/winrm/winrm_login
    This module attempts to authenticate to a WinRM service. It currently works only if the remote end allows Negotiate(NTLM) authentication. Kerberos is not currently supported. Please note: in order to use this module without SSL, the 'AllowUnencrypted' winrm option m
  • rexec Authentication Scanner
    First seen: 2020-04-26
    auxiliary/scanner/rservices/rexec_login
    This module will test an rexec service on a range of machines and report successful logins. NOTE: This module requires access to bind to privileged ports (below 1024). Authors: - jduck <jduck@metasploit.com>
  • Wordpress XML-RPC Username/Password Login Scanner
    First seen: 2020-04-26
    auxiliary/scanner/http/wordpress_xmlrpc_login
    This module attempts to authenticate against a Wordpress-site (via XMLRPC) using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. Authors: - Cenk Kalpakoglu <cenk.kalpakoglu@gmail.com>
  • Tomcat Application Manager Login Utility
    First seen: 2020-04-26
    auxiliary/scanner/http/tomcat_mgr_login
    This module simply attempts to login to a Tomcat Application Manager instance using a specific user/pass. Authors: - MC <mc@metasploit.com> - Matteo Cantoni <goony@nothink.org> - jduck <jduck@metasploit.com>
  • D-Link DIR-300B / DIR-600B / DIR-815 / DIR-645 HTTP Login Utility
    First seen: 2020-04-26
    auxiliary/scanner/http/dlink_dir_session_cgi_http_login
    This module attempts to authenticate to different D-Link HTTP management services. It has been tested successfully on D-Link DIR-300 Hardware revision B, D-Link DIR-600 Hardware revision B, D-Link DIR-815 Hardware revision A and DIR-645 Hardware revision A devices.
  • HTTP Login Utility
    First seen: 2020-04-26
    auxiliary/scanner/http/http_login
    This module attempts to authenticate to an HTTP service. Authors: - hdm <x@hdm.io>
  • SSH User Code Execution
    Disclosure Date: 1999-01-01
    First seen: 2020-04-26
    exploit/multi/ssh/sshexec
    This module connects to the target system and executes the necessary commands to run the specified payload via SSH. If a native payload is specified, an appropriate stager will be used. Authors: - Spencer McIntyre - Brandon Knight
  • MySQL Login Utility
    First seen: 2020-04-26
    auxiliary/scanner/mysql/mysql_login
    This module simply queries the MySQL instance for a specific user/pass (default is root with blank). Authors: - Bernardo Damele A. G. <bernardo.damele@gmail.com>
  • D-Link DIR-615H HTTP Login Utility
    First seen: 2020-04-26
    auxiliary/scanner/http/dlink_dir_615h_http_login
    This module attempts to authenticate to different D-Link HTTP management services. It has been tested successfully on D-Link DIR-615 Hardware revision H devices. It is possible that this module also works with other models. Authors: - hdm <x@hdm.io> - Michael Me
  • VMWare Web Login Scanner
    First seen: 2020-04-26
    auxiliary/scanner/vmware/vmware_http_login
    This module attempts to authenticate to the VMWare HTTP service for VmWare Server, ESX, and ESXI Authors: - theLightCosine <theLightCosine@metasploit.com>
  • rlogin Authentication Scanner
    First seen: 2020-04-26
    auxiliary/scanner/rservices/rlogin_login
    This module will test an rlogin service on a range of machines and report successful logins. NOTE: This module requires access to bind to privileged ports (below 1024). Authors: - jduck <jduck@metasploit.com>
  • Oracle RDBMS Login Utility
    First seen: 2020-04-26
    auxiliary/scanner/oracle/oracle_login
    This module attempts to authenticate against an Oracle RDBMS instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. Due to a bug in nmap versions 6.50-7.80 may not work. Authors: - Patrik Karlsson
  • Dell iDRAC Default Login
    First seen: 2020-04-26
    auxiliary/scanner/http/dell_idrac
    This module attempts to login to a iDRAC webserver instance using default username and password. Tested against Dell Remote Access Controller 6 - Express version 1.50 and 1.85, Controller 7 - Enterprise 2.63.60.62 Controller 8 - Enterprise 2.83.05 Co

CVSS scores for CVE-1999-0502

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
7.5
HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
NIST

References for CVE-1999-0502

Products affected by CVE-1999-0502

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!