Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   Eventum Vendors:
Eventum Has Undocumented System Account
SecurityTracker Alert ID:  1012736
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Dec 30 2004
Impact:   User access via network

Version(s): 1.3.1 and prior versions
Description:   A undocumented system account was reported in Eventum. A remote user may be able to access the account.

sullo from reported that a remote user may be able to access an undocumented administrator account ('system-account').

The vendor was notified on December 28, 2004.

Impact:   A remote user may be able to gain administrative access to the application.
Solution:   No vendor solution was available at the time of this entry.

As a workaround, the report indicates that you can change the password by replacing "password" in the SQL below (assuming during setup the table prefix of "eventum_" was selected):

update eventum_user set usr_password=md5("password") where usr_email="";

Vendor URL: (Links to External Site)
Cause:   Configuration error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC