oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-request: phpMyFAQ default password 1.3.2

From: Henri Salo <henri () nerv fi>
Date: Thu, 10 May 2012 10:39:30 +0300
This is very old issue from 2003 without CVE-identifier.

Description:

By default, phpMyFAQ installs with a default password. An unspecified account has an unspecified password which is 
publicly known and documented. This allows attackers to trivially access the program or system and gain privileged 
access.

http://osvdb.org/show/osvdb/81714
http://www.phpmyfaq.de/changelog.php

Is there a general CVE-identifier for issues like default password, which I think would be OK in case like this? If 
user upgraded installation from old version to new this was not fixed in the process.

- Henri Salo
Previous By Date Next
Previous By Thread Next

Current thread: