PHP Advanced Transfer Manager (phpATM) Default Admin Account

2005-09-20T10:05:00
ID OSVDB:19531
Type osvdb
Reporter rgod(retrogod@aliceposta.it)
Modified 2005-09-20T10:05:00

Description

Vulnerability Description

By default, PHP Advanced Transfer Manager installs with a default password. The 'admin' account has a password of 'test' which is publicly known and documented. This allows attackers to trivially access the program or system.

Solution Description

Immediately after installation, change all default install passwords to a unique and secure password. When possible, change default accounts to custom names as well.

Short Description

By default, PHP Advanced Transfer Manager installs with a default password. The 'admin' account has a password of 'test' which is publicly known and documented. This allows attackers to trivially access the program or system.

References:

Vendor URL: http://phpatm.free.fr/ Security Tracker: 1014930 Secunia Advisory ID:16867 Related OSVDB ID: 19524 Related OSVDB ID: 19526 Related OSVDB ID: 19529 Related OSVDB ID: 19530 Related OSVDB ID: 19523 Related OSVDB ID: 19528 Related OSVDB ID: 19532 Related OSVDB ID: 19533 Related OSVDB ID: 19525 Related OSVDB ID: 19527 Other Advisory URL: http://rgod.altervista.org/phpatm130.html CVE-2005-2998