Access Nagios dashboard using default credentials in **omon1.fpki.gov, 3.220.248.203**
Critical
Vulnerability Details
## Summary:
When I was performing recon on fpki.gov, I found a Nagios dashboard in **omon1.fpki.gov, 3.220.248.203** and I accessed it using default credentials:
username: **nagiosadmin**
password: **nagiosadmin**
## Steps To Reproduce:
1. Visit these URLs:
**https://omon1.fpki.gov/nagios/side.php**
**https://3.220.248.203/nagios/side.php**
2. It will ask for your credentials via basic authentication; enter these credentials:
username: **nagiosadmin**
password: **nagiosadmin**
## POC:
Look at the PoC pic.
## Impact
An attacker can take any action as an admin; he has full control over your panel.
Thanks, have a nice day :)
Report Stats
- Report ID: 1700896
- State: Closed
- Substate: resolved
- Upvotes: 7