Bugtraq mailing list archives
Opsware NAS 6.0 reveals MySQL 'root' password
From: "Freeman, Michael" <mfreeman () multimax com>
Date: Mon, 24 Jul 2006 10:05:04 -0500
The Opsware Network Automation System (NAS) version 6.0 installation places an 'init' style startup script in /etc/init.d/mysqll and places the 'root' password that you choose for the MySQL MAX database during installation. The permissions on this small shell script are world readable, allowing any user of the system to compromise the 'root' MySQL account. This could reveal network intelligence including stored/shared authentication credentials for network devices.
Current thread:
- Opsware NAS 6.0 reveals MySQL 'root' password Freeman, Michael (Jul 24)
- <Possible follow-ups>
- Re: Opsware NAS 6.0 reveals MySQL 'root' password security-alert (Jul 27)