Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

Horde Default Admin Password Vulnerability Vulnerability Scan


Vulnerability Scan Summary
Checks for default admin password vulnerability in Horde

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP application that uses a default
administrative password.

Description :

The remote installation of horde uses an administrative account with
no password. A possible hacker can leverage this issue to gain full control
over the affected application and to run arbitrary shell, PHP, and SQL
commands using the supplied admin utilities.

Note that while the advisory is from Debian, the flaw is not specific
to that distribution - any installation of Horde that has not been
completely configured is vulnerable.

See also :

http://www.debian.org/security/2005/dsa-884
http://www.horde.org/horde/docs/?f=INSTALL.html#configuring-horde

Solution :

Either remove Horde or complete its configuration by configuring
an authentication backend.

Threat Level:

Critical / CVSS Base Score : 10.0
(AV:R/AC:L/Au:NR/C:C/I:C/A:C/B:N)

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.