Opsware NAS 6.0 reveals MySQL 'root' password

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Opsware NAS 6.0 reveals MySQL 'root' password

Subject: Opsware NAS 6.0 reveals MySQL 'root' password
Date: Mon, 24 Jul 2006 10:05:04 -0500
From: "Freeman, Michael" <suppressed>

The Opsware Network Automation System (NAS) version 6.0 installation
places an 'init' style startup script in /etc/init.d/mysqll and places
the 'root' password that you choose for the MySQL MAX database during
installation. 

The permissions on this small shell script are world readable, allowing
any user of the system to compromise the 'root' MySQL account. This
could reveal network intelligence including stored/shared authentication
credentials for network devices.

Prev by Date: Digital Armaments Security Advisory 24.07.2006: Siemens Speedstream Wireless/Router Denial of Service Vulnerability
Next by Date: SYMSA-2006-008:Password Safe - Lock Password Database Configuration Not Enforced
Previous by thread: Digital Armaments Security Advisory 24.07.2006: Siemens Speedstream Wireless/Router Denial of Service Vulnerability
Next by thread: Re: Opsware NAS 6.0 reveals MySQL 'root' password
Index(es):
- Date
- Thread

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.