Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Jenkins Default Credentials (HTTP)

Information

Severity

Severity

High

Family

Family

Default Accounts

CVSSv2 Base

CVSSv2 Base

7.5

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Mitigation

Created

Created

1 year ago

Modified

Modified

1 year ago

Summary

The remote Jenkins automation server is using known default credentials for the web login.

Insight

Insight

The remote Jenkins automation server is lacking a proper password configuration, which makes critical information and actions accessible for people with knowledge of the default credentials. Note: New Jenkins versions are creating / enforcing a strong and random password. But some specific deployments might still use known default credentials.

Detection Method

Detection Method

Tries to login via HTTP using known default credentials.

Solution

Solution

Change the default password.