M4 Project enigma-suite Windows Client Default Account

2006-02-28T07:17:39
ID OSVDB:23572
Type osvdb
Reporter OSVDB
Modified 2006-02-28T07:17:39

Description

Vulnerability Description

By default, M4 Project's enigma-suite client for Windows installs an account with a default password. The 'enigma-client' account has a password of 'nominal' which is publicly known and documented. This allows attackers to trivially access the program or system.

Solution Description

Immediately after installation, change all default install passwords to a unique and secure password. When possible, change default accounts to custom names as well.

Short Description

By default, M4 Project's enigma-suite client for Windows installs an account with a default password. The 'enigma-client' account has a password of 'nominal' which is publicly known and documented. This allows attackers to trivially access the program or system.

References:

Vendor URL: http://www.bytereef.org/m4_project.html Vendor Specific News/Changelog Entry: http://www.bytereef.org/m4-project-blog.html Secunia Advisory ID:19077 FrSIRT Advisory: ADV-2006-0787 CVE-2006-1009