Bugtraq: Re: [Full-disclosure] [ GLSA 200601-15 ] Paros: Default administrator password

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: [Full-disclosure] [ GLSA 200601-15 ] Paros: Default administrator password

From: Yvan Boily <yboily () gmail com>
Date: Sun, 29 Jan 2006 21:14:53 -0600

Wasn't this reported a long time ago?

http://www.securityfocus.com/bid/15141
Paros is prone to a remote authentication bypass vulnerability.

This issue may result in the disclosure of sensitive information, and
possible execution of commands on the victim machine.

Paros version 3.2.5 is affected; earlier versions may also be vulnerable.

Update: version 3.2.6 was released and addresses this issue from
remote computers, as the database listens only on localhost by
default. This still allows local users to connect, as the default
username of "sa" with a blank password is still used.

By Date By Thread

Current thread:

[ GLSA 200601-15 ] Paros: Default administrator password Sune Kloppenborg Jeppesen (Jan 30)
- Re: [Full-disclosure] [ GLSA 200601-15 ] Paros: Default administrator password Yvan Boily (Jan 30)