Slashcode默认管理密码漏洞

漏洞信息详情

Slashcode默认管理密码漏洞

• CNNVD编号：CNNVD-200012-048
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2000-1015
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2000-12-11
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-08-24
  
• 厂        商：
  
  open_source_development_network
• 漏洞来源：
  Posted to Bugtraq …

Slashcode 2.0 Alpha之前版本的默认配置有默认管理密码。远程攻击者提升Slashcode特权和可能执行任意命令。

Slashcode has recommended that administrators change the admin users’ passwords from the default installation passwords:
“check in your database what your passwords are by SELECT aid,pwd FROM authors;. This will give you a list of all your admin users and passwords. You can either change any unchanged passwords via the admin interface via the “Authors” admin menu URL, or go into the database: UPDATE authors set pwd = ‘newpassword’ WHERE aid = ‘aidinquestion’; ”

来源: XF
名称: slashcode-default-admin-passwords
链接:http://xforce.iss.net/static/5306.php

来源: BID
名称: 1731
链接:http://www.securityfocus.com/bid/1731

来源: BUGTRAQ
名称: 20000929 Default admin password with Slashcode.
链接:http://archives.neohapsis.com/archives/bugtraq/2000-09/0366.html