From 066bbcfa2b7c4cbabc5aeeb9f88b44c81e210ecd Mon Sep 17 00:00:00 2001
From: nnposter
Date: Mon, 31 Oct 2016 01:32:40 +0000
Subject: [PATCH] Adds more default credentials for Apache Tomcat
---
 .../http-default-accounts-fingerprints.lua | 23 +++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/nselib/data/http-default-accounts-fingerprints.lua b/nselib/data/http-default-accounts-fingerprints.lua
index 8717daffe..6a4277af0 100644
--- a/nselib/data/http-default-accounts-fingerprints.lua
+++ b/nselib/data/http-default-accounts-fingerprints.lua
@@ -225,7 +225,8 @@ table.insert(fingerprints, {
 category = "web",
 paths = {
 {path = "/manager/html/"},
- {path = "/tomcat/manager/html/"}
+ {path = "/tomcat/manager/html/"},
+ {path = "/cognos_express/manager/html/"}
 },
 target_check = function (host, port, path, response)
 return http_auth_realm(response) == "Tomcat Manager Application"
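Review bot: The added `/cognos_express/manager/html/` entry in `paths` has no comment saying which product it belongs to, although most of the credential entries in this fingerprint cite a source. It presumably pairs with the `cxsdk` entry that the same commit adds to `login_combos` under the 2010-0557 reference. A one-line comment such as `-- Cognos Express bundled Tomcat, see the cxsdk entry in login_combos` would let a maintainer trace it. The fingerprint table opens before this hunk and `target_check` continues past it.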
@@ -233,10 +234,24 @@ table.insert(fingerprints, {
 login_combos = {
 {username = "tomcat", password = "tomcat"},
 {username = "admin", password = "admin"},
- -- http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-4189
+ -- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3548
+ {username = "admin", password = ""},
+ -- https://github.com/seshendra/vagrant-ubuntu-tomcat7/
+ {username = "admin", password = "tomcat"},
+ -- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4094
+ {username = "ADMIN", password = "ADMIN"},
+ -- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-4189
 {username = "ovwebusr", password = "OvW*busr1"},
- -- http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-4188
- {username = "j2deployer", password = "j2deployer"}
+ -- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-4188
+ {username = "j2deployer", password = "j2deployer"},
+ -- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-0557
+ {username = "cxsdk", password = "kdsxc"},
+ -- XAMPP https://www.apachefriends.org/index.html
+ {username = "xampp", password = "xampp"},
+ -- QLogic QConvergeConsole http://www.qlogic.com/
+ {username = "QCC", password = "QLogic66"},
+ -- HAPI FHIR http://hapifhir.io/
+ {username = "fhir", password = "FHIRDefaultPassword"}
 },
 login_check = function (host, port, path, user, pass)
 return try_http_basic_login(host, port, path, user, pass, false)
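Review bot: The source comments for the new `xampp`, `QCC` and `fhir` entries link only to vendor home pages, and the `admin`/`tomcat` entry links to a third-party Vagrant repository, so a maintainer cannot confirm from them that each pair is a shipped default the way the CVE-backed entries allow. Each comment should name the product and link the document or file that states the default, e.g. `-- XAMPP bundled Tomcat: <URL of the page that states the default>`. The list also grows from four to eleven attempts per matching path, three of them against `admin`. Where Tomcat's LockOutRealm is active (five failures by default), repeated runs or several matching paths on one host could lock a legitimate administrator out during an authorized scan, which deserves a short comment above `login_combos`. The body of `login_check` continues outside the hunk.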