XAMPP Insecure Default Password Disclosure Vulnerability
BID:13131
Info
XAMPP Insecure Default Password Disclosure Vulnerability
| Bugtraq ID: | 13131 |
| Class: | Access Validation Error |
| CVE: |
CVE-2005-1078 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 12 2005 12:00AM |
| Updated: | Jul 12 2009 12:56PM |
| Credit: | Morning Wood <[email protected]> is credited with the discovery of these issues. |
| Vulnerable: |
XAMPP Apache Distribution for Solaris 0.3 XAMPP Apache Distribution for Solaris 0.2 XAMPP Apache Distribution for Solaris 0.1 XAMPP Apache Distribution 1.4.13 XAMPP Apache Distribution 1.4.12 XAMPP Apache Distribution 1.4.11 XAMPP Apache Distribution 1.4.10 a XAMPP Apache Distribution 1.4.10 XAMPP Apache Distribution 1.4.9 XAMPP Apache Distribution 1.4.8 XAMPP Apache Distribution 1.4.7 XAMPP Apache Distribution 1.4.6 XAMPP Apache Distribution 1.4.5 XAMPP Apache Distribution 1.4.4 XAMPP Apache Distribution 1.4.3 XAMPP Apache Distribution 1.4.2 XAMPP Apache Distribution 1.4.1 |
| Not Vulnerable: | |
Discussion
XAMPP Insecure Default Password Disclosure Vulnerability
An insecure default password disclosure vulnerability affects XAMPP. This issue is due to a failure of the application to properly secure access to default passwords.
An attacker may leverage this issue to gain access to the default passwords for many utilities installed by the affected application, including the MySQL 'root' user, the phpMyAdmin 'pma' user, the FTP 'nobody' user and the Tomcat administrator.
An insecure default password disclosure vulnerability affects XAMPP. This issue is due to a failure of the application to properly secure access to default passwords.
An attacker may leverage this issue to gain access to the default passwords for many utilities installed by the affected application, including the MySQL 'root' user, the phpMyAdmin 'pma' user, the FTP 'nobody' user and the Tomcat administrator.
Exploit / POC
XAMPP Insecure Default Password Disclosure Vulnerability
No exploit is required to leverage this issue. The following URI will be available by default on affected computers:
http://www.example.com/xampp/security.php
No exploit is required to leverage this issue. The following URI will be available by default on affected computers:
http://www.example.com/xampp/security.php
Solution / Fix
XAMPP Insecure Default Password Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.