OSVDB ID: 56511

Title: WWWBoard Default WebAdmin Account

Info

Disclosure

Sep 17, 1999

Discovery

Unknown

Dates

Exploit

Sep 17, 1999

Solution

Unknown

Description

By default, WWWBoard installs with a default password. The 'WebAdmin' account has a password of 'WebBoard' which is publicly known and documented. This allows attackers to trivially access the program or system.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Integrity
Solution: Workaround
Exploit: Exploit Public
OSVDB: Web Related

Solution

Immediately after installation, change all default install passwords to a unique and secure password. When possible, change default accounts to custom names as well.

Products

Unknown or Incomplete

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/56511