IBM DB2 Universal Database Known Default Password Vulnerability
BID:2068
Info
IBM DB2 Universal Database Known Default Password Vulnerability
| Bugtraq ID: | 2068 |
| Class: | Design Error |
| CVE: |
CVE-2001-0051 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Dec 05 2000 12:00AM |
| Updated: | Jul 11 2009 03:56AM |
| Credit: | Posted to Bugtraq by Benjurry <[email protected]> on December 5, 2000. |
| Vulnerable: |
IBM DB2 Universal Database for Windows NT 6.1 IBM DB2 Universal Database for Linux 6.1 |
| Not Vulnerable: | |
Discussion
IBM DB2 Universal Database Known Default Password Vulnerability
IBM DB2 Universal Database is a distributed database application.
DB2 Universal Database contains a default username and password that would enable a user access to the database. During the installation of DB2, the administrator is not prompted to change these passwords which would open up the possibility of having unauthorized users access the database if they knew the default username and password.
IBM DB2 Universal Database is a distributed database application.
DB2 Universal Database contains a default username and password that would enable a user access to the database. During the installation of DB2, the administrator is not prompted to change these passwords which would open up the possibility of having unauthorized users access the database if they knew the default username and password.
Exploit / POC
IBM DB2 Universal Database Known Default Password Vulnerability
DB2 Universal Database for Windows NT
Username: db2admin
Password: db2admin
DB2 Universal Database for Linux
Username: db2inst1, db2as, db2fenc1
Password: ibmdb2
DB2 Universal Database for Windows NT
Username: db2admin
Password: db2admin
DB2 Universal Database for Linux
Username: db2inst1, db2as, db2fenc1
Password: ibmdb2
References
IBM DB2 Universal Database Known Default Password Vulnerability
References:
References: