Lyris ListManager MSDE Default sa Password

2005-12-08T00:00:00
ID OSVDB:21559
Type osvdb
Reporter H D Moore(fdlist@digitaloffense.net)
Modified 2005-12-08T00:00:00

Description

Vulnerability Description

By default, Lyris ListManager installs with a default password. The 'sa' account has a password of 'lminstall' which is publicly known and documented. This allows attackers to trivially access the program or system.

Solution Description

Immediately after installation, change all default install passwords to a unique and secure password. When possible, change default accounts to custom names as well.

Short Description

By default, Lyris ListManager installs with a default password. The 'sa' account has a password of 'lminstall' which is publicly known and documented. This allows attackers to trivially access the program or system.

References:

Vendor URL: http://www.lyris.com/ Secunia Advisory ID:17943 Other Advisory URL: http://metasploit.com/research/vulns/lyris_listmanager/ Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html FrSIRT Advisory: ADV-2005-2820 CVE-2005-4145