Novell GroupWise Servlet Gateway Default Accounts

2001-12-15T00:00:00
ID OSVDB:4999
Type osvdb
Reporter Adam Gray(agray@novacoast.com)
Modified 2001-12-15T00:00:00

Description

Vulnerability Description

By default, Novell Groupwise installs with a default username and password. The "servlet" account has a password of "manager" which is undocumented. This allows attackers to trivially access and control the Servlet Manager, which could allow a malicious user to conduct denial of service attacks by loading, reloading or unloading servlets.

Solution Description

Upgrade to GroupWise 6 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround provided by Novell:

Edit the SYS:\JAVA\SERVLETS\SERVLET.PROPERTIES file. There is a section for ServletManager like the following:

ServletManager servlet

servlet.ServletManager.code=com.novell.application.ServletGateway.ServletManager servlet.ServletManager.initArgs=datamethod=POST,user=servlet,password=manager,bgcolor=#c0c0c0 servlet.ServletManager.preload=true

In the initialization arguments there is a user=servlet, password=manager that can be edited to reflect the user and password that you wish to use. You will then have to do a java -exit on the server, NSWEBDN and then an NSWEB to reload the servlet gateway and the web server.

Short Description

By default, Novell Groupwise installs with a default username and password. The "servlet" account has a password of "manager" which is undocumented. This allows attackers to trivially access and control the Servlet Manager, which could allow a malicious user to conduct denial of service attacks by loading, reloading or unloading servlets.

References:

Vendor URL: http://www.novell.com Vendor Specific Advisory URL Nessus Plugin ID:12122 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-12/0166.html Keyword: NOVL68022,Groupware,ServletManager,TID10067329 ISS X-Force ID: 7701 CVE-2001-1195 Bugtraq ID: 3697