Missing admin sql password in Okena StormWatch

2002-12-18T00:00:00
ID SECURITYVULNS:DOC:3894
Type securityvulns
Reporter Securityvulns
Modified 2002-12-18T00:00:00

Description

Hi!

I was working with Okena StormWatch[1] - a really interesting commercial intrusion prevention product - and saw that there is the SQL password for the admin account (sa) missing.

With a SQL client and a blank password it's possible for everyone who can connect to the manager to compromise the whole system/network.

My notification was sent on Fri, 15 Nov 2002 14:21:01 +0100 to info@OKENA.com - Nothing came back.

Thanks to Mario Robic for helping discovering this problem.

Bye, Marc

[1] http://www.okena.com

-- Computer, Technik und Security http://www.computec.ch