Penetration Testing mailing list archives

Re: [PEN-TEST] Informix

From: "Curphey, Mark (ISS Atlanta)" <MCurphey () ISS NET>
Date: Thu, 28 Sep 2000 10:51:36 -0400

Default instal password was informix:informix !!! I found this out from
reviewing an Entrust PKI...

-----Original Message-----
From: Hyde, Mark (GEO) [mailto:Mark.Hyde () COMPAQ COM]
Sent: Thursday, September 28, 2000 4:59 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Informix

Hello,

I have been mandated to audit a critical Informix database application on
Unix.

I would be very grateful for pointers to known security vulnerabilities or
backdoors (weak default installation settings, built-in passwords etc) that
are specific to Informix. Also if there are any tools out there - freeware
or commerical that can help to break the informix security.

I have used DB scanner from ISS - but this does not perform audits of
Informix if a
similar tool exist I would like to know about it.

Any help, tips or tricks would be much appreciated.

Thanks in advance,

Mark Hyde
Compaq Professional Services
IT security consultant CISSP, CISA, MCSE.

Current thread:

[PEN-TEST] Informix Hyde, Mark (GEO) (Sep 28)
- Re: [PEN-TEST] Informix Hoz, Martin (Sep 28)
- <Possible follow-ups>
- Re: [PEN-TEST] Informix Curphey, Mark (ISS Atlanta) (Sep 28)
- Re: [PEN-TEST] Informix Craig, Scott (Sep 29)