Dora Emlak Script Admin.ASP Insecure Default Password Vulnerability

Bugtraq ID:	25139
Class:	Configuration Error
CVE:
Remote:	Yes
Local:	No
Published:	Jul 30 2007 12:00AM
Updated:	Jul 31 2007 05:35PM
Credit:	This vulnerability was discovered by ilkerkandemir.
Vulnerable:	Dora Emlak Dora Emlak 1.0
Not Vulnerable:

Dora Emlak Script Admin.ASP Insecure Default Password Vulnerability

Dora Emlak Script is reported prone to an insecure-default-password vulnerability.

A remote attacker with knowledge of the default credentials that are set during installation may exploit this vulnerability to gain unauthorized access to the application.

Dora Emlak Script 1.0 is vulnerable.

Dora Emlak Script Admin.ASP Insecure Default Password Vulnerability

Attackers may exploit this issue through a browser.

Dora Emlak Script Admin.ASP Insecure Default Password Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Dora Emlak Script Admin.ASP Insecure Default Password Vulnerability

References:

• Dora Emlak Script Web Site (Dora Emlak)
  
• Dora Emlak Script v1.0 (tr) Admin Login ByPass ([email protected])