2 matches found
TekRADIUS SQL注入及不安全权限漏洞
CVECAN ID: CVE-2009-2357,CVE-2009-2358,CVE-2009-2359 TekRadius是一个免费的RADIUS服务器,可以支持RFC 2865和RFC 2866规范。 1 TekRADIUS的默认配置使用sa账号与Microsoft SQL Server通讯,远程攻击者可以相对较容易的获得对数据库的特权访问。 2 TekRADIUS将数据库凭据存储在了C:\Program Files\TekRADIUS\TekRADIUS.ini文件中。任何Windows本地用户都可以访问这个文件,读取加密了的凭据。 3...
CVE-2009-2357
TekRADIUS 3.0 is affected: its default configuration communicates with Microsoft SQL Server using the sa account, enabling remote attackers to obtain privileged database and Windows OS access. The Seebug entry also notes that TekRADIUS stores DB credentials in C:\Program Files\TekRADIUS\TekRADIUS...