[28241] in bugtraq
Missing admin sql password in Okena StormWatch
daemon@ATHENA.MIT.EDU (Marc Ruef)
Wed Dec 18 12:11:30 2002
Message-ID: <3E001E6B.DF002696@computec.ch>
Date: Wed, 18 Dec 2002 08:06:19 +0100
From: Marc Ruef <marc.ruef@computec.ch>
To: bugtraq@securityfocus.com, submissions@packetstormsecurity.org,
news@securiteam.com

Hi!

I was working with Okena StormWatch[1] - a really interesting commercial
intrusion prevention product - and saw that the SQL password for the
admin account (sa) is missing.

With a SQL client and a blank password it's possible for everyone who
can connect to the manager to compromise the whole system/network.

My notification was sent on Fri, 15 Nov 2002 14:21:01 +0100 to
info@OKENA.com - Nothing came back.

Thanks to Mario Robic for helping discover this problem.

Bye, Marc

[1] http://www.okena.com

--
Computer, Technik und Security
http://www.computec.ch
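
Added example, not part of the original post and not Okena's code: an audit an administrator can run on the database behind the manager to confirm and fix the blank `sa` password described above. It assumes the database is Microsoft SQL Server 2008 or later (the post names only the `sa` account), and it goes slightly beyond the post by also flagging logins whose password equals the login name.

```sql
-- Audit for SQL-authenticated logins with a blank or trivially guessable password.
-- Assumption: Microsoft SQL Server 2008 or later, run by a member of sysadmin.

-- 1. Is SQL authentication enabled at all?
--    1 = Windows authentication only, 0 = mixed mode (sa can log in with a password).
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 2. List every SQL login whose stored hash matches an empty string
--    or the login's own name, sysadmin members first.
SELECT  l.name,
        l.is_disabled,
        l.is_policy_checked,
        CASE WHEN PWDCOMPARE('', l.password_hash) = 1     THEN 'BLANK'
             WHEN PWDCOMPARE(l.name, l.password_hash) = 1 THEN 'SAME_AS_NAME'
        END                                  AS finding,
        IS_SRVROLEMEMBER('sysadmin', l.name) AS is_sysadmin
FROM    sys.sql_logins AS l
WHERE   PWDCOMPARE('', l.password_hash) = 1
   OR   PWDCOMPARE(l.name, l.password_hash) = 1
ORDER BY is_sysadmin DESC, l.name;

-- 3. Remediation for sa: set a generated secret with password policy enforced.
--    The value below is a placeholder, not a real credential.
ALTER LOGIN [sa] WITH PASSWORD = N'<replace-with-generated-secret>', CHECK_POLICY = ON;

-- 4. If the application can use a dedicated, least-privileged login instead,
--    disable sa entirely so that the account cannot be used remotely.
ALTER LOGIN [sa] DISABLE;
```

Step 2 should return no rows after remediation; restricting network access to the database port to the hosts that need it limits exposure if a weak login is reintroduced.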