ParosProxy hsqldb Default Blank sa Password

2005-10-07T19:34:00
ID OSVDB:19884
Type osvdb
Reporter OSVDB
Modified 2005-10-07T19:34:00

Description

Vulnerability Description

ParosProxy contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when hsqldb starts: it listens on all interfaces and its sa account has a default blank password, which discloses database content and results in a loss of confidentiality.

Solution Description

Upgrade to version 3.2.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.parosproxy.org
Secunia Advisory ID: 17089
Secunia Advisory ID: 18626
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200601-15.xml
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0411.html
Mail List Post: http://archives.neohapsis.com/archives/sf/pentest/2005-10/0060.html
ISS X-Force ID: 22557
CVE-2005-3280
Bugtraq ID: 15141