SecurityTracker.com
Category:   Application (Generic)  >   Eventum
Vendors:   MySQL.com
Eventum Has Undocumented System Account
SecurityTracker Alert ID:  1012736
SecurityTracker URL:  http://securitytracker.com/id/1012736
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Dec 30 2004
Impact:   User access via network

Version(s): 1.3.1 and prior versions
Description:   An undocumented system account was reported in Eventum. A remote user may be able to access the account.

sullo from cirt.net reported that a remote user may be able to access an undocumented administrator account ('system-account').

The vendor was notified on December 28, 2004.

Impact:   A remote user may be able to gain administrative access to the application.
Solution:   No vendor solution was available at the time of this entry.

As a workaround, the report indicates that you can change the password by replacing "password" in the SQL below (assuming during setup the table prefix of "eventum_" was selected):

update eventum_user set usr_password=md5("password") where usr_email="system-account@example.com";
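
An added example (not part of the original report or the vendor's code) that prepares the same workaround with a random password and computes the MD5 locally, so the clear-text password does not appear in the statement sent to the database. It assumes the table and column names shown in the SQL above; the function name build_reset and its prefix parameter are hypothetical.

```python
import hashlib
import re
import secrets

# Account e-mail exactly as given in the advisory's SQL.
ACCOUNT_EMAIL = "system-account@example.com"


def build_reset(prefix="eventum_", password=None):
    """Return (password, check_sql, update_sql) for the advisory's workaround.

    prefix is the table prefix chosen during setup. It is validated because
    it is interpolated into the table name.
    """
    if not re.fullmatch(r"[A-Za-z0-9_]*", prefix):
        raise ValueError("table prefix may contain only letters, digits and '_'")
    if password is None:
        # 24 random bytes from the OS CSPRNG, encoded as 32 URL-safe characters.
        password = secrets.token_urlsafe(24)
    # Same value MySQL's md5("...") returns: lowercase hex of the MD5 digest.
    digest = hashlib.md5(password.encode("utf-8")).hexdigest()
    table = f"`{prefix}user`"
    # One row back from the check means the undocumented account is present.
    check_sql = f"SELECT usr_email FROM {table} WHERE usr_email='{ACCOUNT_EMAIL}';"
    update_sql = (
        f"UPDATE {table} SET usr_password='{digest}' "
        f"WHERE usr_email='{ACCOUNT_EMAIL}';"
    )
    return password, check_sql, update_sql


if __name__ == "__main__":
    pw, check, update = build_reset()
    print("-- 1. confirm the account exists")
    print(check)
    print("-- 2. replace its password hash")
    print(update)
    print("-- new password (keep in a vault, or discard to leave the account unusable):")
    print("--", pw)
```

Because only the hash is placed in the UPDATE statement, the new password is not written to the MySQL client history or to server query logs.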

Vendor URL:  dev.mysql.com/downloads/other/eventum/
Cause:   Configuration error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.

