[anonymous@anonymous: (please fwd to full-disclosure anon) Default password issue with SEVIS software]

[Len Rose <len () netsys com>]

----- Forwarded message from an anonymous person -----

Subject: (please fwd to full-disclosure anon) Default password issue with SEVIS software
Date: Thu, 10 Jul 2003 09:48:56 -0500
From: "Anonymous" <anonymous@anonymous>
To: <len () netsys com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by netsys.com id h6AEn0f17799

It recently came to my attention that the SEVIS software (Dept of
Homeland Securities nightmarish product for tracking foreign
students/etc.) has a default admin password of user/newfront that is
supposed to be changed as part of the install. I'm sure there are
numerous sites that have not bothered to change it. 

It gets you full and total access to get in and read/update any data on
the individuals within the system.

If you could forward this anonymously to the list, I'd appreciate it.


----- End forwarded message -----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html