oss-sec mailing list archives
Re: CVE-request: phpMyFAQ default password 1.3.2
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 10 May 2012 11:03:51 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/10/2012 01:39 AM, Henri Salo wrote:
This is very old issue from 2003 without CVE-identifier. Description: By default, phpMyFAQ installs with a default password. An unspecified account has an unspecified password which is publicly known and documented. This allows attackers to trivially access the program or system and gain privileged access. http://osvdb.org/show/osvdb/81714 http://www.phpmyfaq.de/changelog.php Is there a general CVE-identifier for issues like default password, which I think would be OK in case like this? If user upgraded installation from old version to new this was not fixed in the process. - Henri Salo
I'll need at least the account name so I can confirm this. Or if you diff the code I'm guessing it will stand out easily. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPq/T3AAoJEBYNRVNeJnmTme0P/1q/22FTmG05Zd5XLE2Bbjcs 93uATy91vsqfRuv0kP9zOnZaMhn4gus5xo+42jAq/cvH+ewrLxYJjxVlIoimC4Pi QSsTP/FeNCgNP5zsvKMy/03ffBIQw2cuQwNQKbu7L9Vxuv2g8MJJBPLjkuylBO4P yg0j2/RtEMXzOEa+b4pPe0CBAEwOD6KNAvoEtK3018YYGG8csN/HqgVFkpFhJq+y wjF1ei2R+QzA5Ig0YduAbEn/zynuvNhLgj5RVWq58wHo0fi003tsWKRQvEaEXwr0 mz+Yg9fDp1tOb3UcvbMqc3w8LK4UyeXJjy5TEvS3kKwdRKTKTX9y6oqkJqEjebxA Nz/JciajoKp+xa0dXs/0TYvDvxYivuOAJR65OUPrPsNgsOOW4bUU5dMnnlFJ5t4T 38W8Co2B7ishu4BeG2AHcyS2xrS7o7GtOJbUSsaMn7L1HLwOS0L/YNQG92IaxJVf iRWAa4TonGQjdrl8tPtiT4hEZHkaGTZrC9Ym1VUWyZhu/j2N3Gy1CY5RoVi7jN1J KtTo3+BeQQyCLIVARnNXLdxLTHb6JHBO/ULZ9YwhbKJtUgjvdJqaSfau0Xcbj6or XTbaQ9kxohewDwjohKZSxdXjc8Nteoja1F6AnAsGA5kFuJqljF6UCfqwsT/d0gZc 3a4KLwqt+d+yfYd8ljWs =h+nZ -----END PGP SIGNATURE-----
Current thread:
- CVE-request: phpMyFAQ default password 1.3.2 Henri Salo (May 10)
- Re: CVE-request: phpMyFAQ default password 1.3.2 Kurt Seifried (May 10)