OSVDB ID: 100236

Title: WinDSX Default Admin Credentials

Info

Disclosure

Jul 19, 2008

Discovery

Unknown

Dates

Exploit

Jul 19, 2008

Solution

Unknown

Description

WinDSX installs with default admin credentials (the 'admin' account has no password and the database account is 'SA' with no password), which are publicly known and documented. This allows remote attackers to trivially gain privileged access to the software.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Integrity
Solution: Workaround
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure
OSVDB: Security Software

Solution

Immediately after installation, change all default installed accounts to use a unique and secure password. When possible, change default account names to custom names as well.

Products

DSX Access Systems, Inc.

WinDSX

Unspecified

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/100236