[24364] in bugtraq
Netwin Webnews 1.1k
daemon@ATHENA.MIT.EDU (Shai)
Thu Feb 21 18:06:42 2002
Date: Thu, 21 Feb 2002 18:19:01 +0200
From: Shai <shai@akn-systems.com>
To: bugtraq@securityfocus.org
Message-id: <001201c1baf3$79592870$0b00000a@god>
MIME-version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT
Name: Netwin WebNews 1.1k
Operation system: tested under Redhat linux 7.0
Vendor status: The vendor has been contacted on the 20th of February and
hasn't replied yet.
Description:
The Netwin Webnews version 1.1k CGI (binaries) contains 4 default users
(within the binary) that can not be removed.
While running the "strings" command over the file webnews.pl, the users are
revealed:
testweb
newstest
alwn3845
imaptest
alwi3845
wtest3452
testweb2
wtest4879
For instance, testweb is the username and newstest is it's password.
Best regards,
Shai
Chief Hacking Officer
AKN Systems
