WWIV BBS contains a flaw that may allow a new user to gain elevated privileges. The issue is due to the "auto-validation" feature for new users intended to validate other SYSOPs. It is trivial to provide false information and become instantly validated, potentially getting access to sensitive files or information.
By default, WWIV BBS installs with two default passwords. The SYSOP account has a password of "SYSOP" and the !-@NETWORK@-! account has a blank default password which is publicly known and documented. This allows attackers to trivially access the program or system.
By default, OpenVMS OSI installs with a default password. The osit$default account has no password, which is publicly known and documented. This allows attackers to trivially access the program or system and gain privileged access.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.