Mac OS X MySQL Manager Blank root Password

2006-05-08T00:00:00
ID OSVDB:25595
Type osvdb
Reporter Ben Low()
Modified 2006-05-08T00:00:00

Description

Vulnerability Description

By default, MySQL Manager on Mac OS X installs with a default password, which is not changed, even if a password is entered when prompted during setup. The root account has a blank password which is publicly known and documented. This allows local attackers to trivially access the program or system.

Solution Description

Install Apple Security Update 2006-003, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

By default, MySQL Manager on Mac OS X installs with a default password, which is not changed, even if a password is entered when prompted during setup. The root account has a blank password which is publicly known and documented. This allows local attackers to trivially access the program or system.

References:

Vendor Specific Advisory URL Security Tracker: 1016077 Secunia Advisory ID:20077 Related OSVDB ID: 25590 Related OSVDB ID: 25592 Related OSVDB ID: 25593 Related OSVDB ID: 25583 Related OSVDB ID: 25585 Related OSVDB ID: 25589 Related OSVDB ID: 25598 Related OSVDB ID: 25600 Related OSVDB ID: 25586 Related OSVDB ID: 25588 Related OSVDB ID: 25591 Related OSVDB ID: 25597 Related OSVDB ID: 25584 Related OSVDB ID: 25594 Related OSVDB ID: 25599 ISS X-Force ID: 26420 FrSIRT Advisory: ADV-2006-1779 CVE-2006-1451 CERT: TA06-132A Bugtraq ID: 17951