Info

Disclosure

Feb 28, 2006

Discovery

Unknown

Dates

Exploit

Feb 28, 2006

Solution

Unknown

Description

By default, M4 Project's enigma-suite client for Windows installs an account with a default password. The 'enigma-client' account has a password of 'nominal' which is publicly known and documented. This allows attackers to trivially access the program or system.

Classification

Location: Local Access Required, Local / Remote
Attack Type: Authentication Management
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified

Solution

Immediately after installation, change all default install passwords to a unique and secure password. When possible, change default accounts to custom names as well.

Products

M4 Message Breaking Project

enigma-suite

0.73.3

References

Secunia Advisory ID: 19077
CVE ID: 2006-1009 (see also: NVD)
VUPEN Advisory: ADV-2006-0787
Vendor Specific News/Changelog Entry: http://www.bytereef.org/m4-project-blog.html
Vendor URL: http://www.bytereef.org/m4_project.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/23572