Family: CGI abuses --> Category: infos
Horde Default Admin Password Vulnerability Scan
Vulnerability Scan Summary: Checks for default admin password vulnerability in Horde
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that uses a default
administrative password.
Description :
The remote installation of Horde uses an administrative account with
no password. An attacker can leverage this issue to gain full control
over the affected application and to run arbitrary shell, PHP, and SQL
commands using the supplied admin utilities.
Note that while the advisory is from Debian, the flaw is not specific
to that distribution - any installation of Horde that has not been
completely configured is vulnerable.
See also :
http://www.debian.org/security/2005/dsa-884
http://www.horde.org/horde/docs/?f=INSTALL.html#configuring-horde
Solution :
Either remove Horde or complete its configuration by configuring
an authentication backend.
Threat Level:
Critical / CVSS Base Score : 10.0
(AV:R/AC:L/Au:NR/C:C/I:C/A:C/B:N)