WWIV BBS Multiple Default Accounts

1991-11-18T00:00:00
ID OSVDB:14754
Type osvdb
Reporter OSVDB
Modified 1991-11-18T00:00:00

Description

Vulnerability Description

By default, WWIV BBS installs with two default passwords. The SYSOP account has a password of "SYSOP" and the !-@NETWORK@-! account has a blank default password which is publicly known and documented. This allows attackers to trivially access the program or system.

Solution Description

Immediately after installation, change all default install passwords to a unique and secure password. When possible, change default accounts to custom names as well.

Short Description

By default, WWIV BBS installs with two default passwords. The SYSOP account has a password of "SYSOP" and the !-@NETWORK@-! account has a blank default password which is publicly known and documented. This allows attackers to trivially access the program or system.

References:

Vendor URL: http://wss.wwiv.com/ Generic Informational URL: http://software.bbsdocumentary.com/IBM/DOS/WWIV/feren.txt