AdventNet EventLog Analyzer Insecure Default MySQL Password Unauthorized Access Vulnerability
BID:26304
Info
AdventNet EventLog Analyzer Insecure Default MySQL Password Unauthorized Access Vulnerability
| Bugtraq ID: | 26304 |
| Class: | Configuration Error |
| CVE: |
CVE-2007-6081 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 02 2007 12:00AM |
| Updated: | Dec 18 2007 08:04PM |
| Credit: | BUGFINDER discovered this issue. |
| Vulnerable: |
AdventNet EventLog Analyzer 4030 |
| Not Vulnerable: | |
Discussion
AdventNet EventLog Analyzer Insecure Default MySQL Password Unauthorized Access Vulnerability
AdventNet EventLog Analyzer is prone to a vulnerability that can result in unauthorized access to the application's SQL database.
This issue occurs because of an insecure default password.
Attackers can exploit this issue to access or modify sensitive data or to exploit latent vulnerabilities in the underlying database. Attackers can use information harvested to compromise the affected computer; other attacks are also possible.
EventLog Analyzer Build 4030 is vulnerable; other versions may also be affected.
AdventNet EventLog Analyzer is prone to a vulnerability that can result in unauthorized access to the application's SQL database.
This issue occurs because of an insecure default password.
Attackers can exploit this issue to access or modify sensitive data or to exploit latent vulnerabilities in the underlying database. Attackers can use information harvested to compromise the affected computer; other attacks are also possible.
EventLog Analyzer Build 4030 is vulnerable; other versions may also be affected.
Exploit / POC
AdventNet EventLog Analyzer Insecure Default MySQL Password Unauthorized Access Vulnerability
An attacker can exploit this issue via an SQL client.
An attacker can exploit this issue via an SQL client.
Solution / Fix
AdventNet EventLog Analyzer Insecure Default MySQL Password Unauthorized Access Vulnerability
Solution:
The vendor acknowledges this issue and has provided the following instructions on how to change the default settings:
- Add a password to the existing MySQL server.
- Filter MySQL connections that are made from other computers.
Solution:
The vendor acknowledges this issue and has provided the following instructions on how to change the default settings:
- Add a password to the existing MySQL server.
- Filter MySQL connections that are made from other computers.
References
AdventNet EventLog Analyzer Insecure Default MySQL Password Unauthorized Access Vulnerability
References:
References:
- MAJOR SECURITY HOLE IN BUILD 4030 (AdventNet)
- Vendor Homepage (AdventNet)