Bugtraq mailing list archives
Missing admin sql password in Okena StormWatch
From: Marc Ruef <marc.ruef () computec ch>
Date: Wed, 18 Dec 2002 08:06:19 +0100
Hi! I was working with Okena StormWatch[1] - a really interesting commercial intrusion prevention product - and saw that there is the SQL password for the admin account (sa) missing. With a SQL client and a blank password it's possible for everyone who can connect to the manager to compromise the whole system/network. My notification was sent on Fri, 15 Nov 2002 14:21:01 +0100 to info () OKENA com - Nothing came back. Thanks to Mario Robic for helping discovering this problem. Bye, Marc [1] http://www.okena.com -- Computer, Technik und Security http://www.computec.ch
Current thread:
- Missing admin sql password in Okena StormWatch Marc Ruef (Dec 18)
- <Possible follow-ups>
- RE: Missing admin sql password in Okena StormWatch Marcus Gavel (Dec 19)