Rooted SSH/SFTP Daemon Default Login Credentials

2014-09-12T00:00:00
ID PACKETSTORM:128240
Type packetstorm
Reporter Larry W. Cashdollar
Modified 2014-09-12T00:00:00

Description

                                        
                                            `Title: Rooted SSH/SFTP Daemon Default Login Credentials  
  
Author: Larry W. Cashdollar, @_larry0  
  
OSVDB-ID: 110742  
  
Date: 9/2/2014  
  
Download: https://play.google.com/store/apps/details?id=web.oss.sshsftpDaemon  
  
Description: "This app is a SSH terminal server AND an SFTP file server."  
  
Vulnerability: The software comes pre-configured with a default login of User: root Password: abc123. This weak password would easily be guessed leading to root compromise of the android system.  
  
Recommended Fix: Request the user set the password upon installation.  
  
Vendor: open.software.solutions[4t]gmail.com, Notified 9/3/2014  
  
Greets to 44CON.  
`