[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Missing admin sql password in Okena StormWatch

To: bugtraq@xxxxxxxxxxxxxxxxx, submissions@xxxxxxxxxxxxxxxxxxxxxxx, news@xxxxxxxxxxxxxx
Subject: Missing admin sql password in Okena StormWatch
From: Marc Ruef <marc.ruef@xxxxxxxxxxx>
Date: Wed, 18 Dec 2002 08:06:19 +0100
Delivered-to: mailing list bugtraq@xxxxxxxxxxxxxxxxx
Delivered-to: moderator for bugtraq@xxxxxxxxxxxxxxxxx
Delivery-date: Wed, 18 Dec 2002 17:28:20 +0100
Envelope-to: bugtraq@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: http://www.computec.ch

Hi!

I was working with Okena StormWatch[1] - a really interesting commercial
intrusion prevention product - and saw that there is the SQL password
for the admin account (sa) missing.

With a SQL client and a blank password it's possible for everyone who
can connect to the manager to compromise the whole system/network.

My notification was sent on Fri, 15 Nov 2002 14:21:01 +0100 to
info@xxxxxxxxx - Nothing came back.

Thanks to Mario Robic for helping discovering this problem.

Bye, Marc

[1] http://www.okena.com

-- 
Computer, Technik und Security
http://www.computec.ch

Prev by Date: Re: export LD_LIBRARY_PATH in /etc/profile.d/* files
Next by Date: Security Paper: Session Fixation Vulnerability in Web-based Applications
Previous by thread: RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem mmap() vulnerability
Next by thread: RE: Missing admin sql password in Okena StormWatch
Index(es):
- Date
- Thread