Family: CGI abuses --> Category: infos
Horde Default Admin Password Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for default admin password vulnerability in Horde
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that uses a default
The remote installation of horde uses an administrative account with
no password. A possible hacker can leverage this issue to gain full control
over the affected application and to run arbitrary shell, PHP, and SQL
commands using the supplied admin utilities.
Note that while the advisory is from Debian, the flaw is not specific
to that distribution - any installation of Horde that has not been
completely configured is vulnerable.
See also :
Either remove Horde or complete its configuration by configuring
an authentication backend.
Critical / CVSS Base Score : 10.0
Click HERE for more information and discussions on this network vulnerability scan.