Auerswald COMsuite CTI Application Weak Default Password Vulnerability

Vulnerability ID: 1202212
Vulnerability type: Configuration error
Published: 2003-12-31
Updated: 2003-12-31
CVE ID: CVE-2003-1457
CNNVD-ID: CNNVD-200312-161
Platform: N/A
CVSS score: 4.6
|Vulnerability source
https://cxsecurity.com/issue/WLB-2007100103
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-161
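|Vulnerability details
Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily cracked password, which allows local users or remote attackers to gain access.
|Exploit (EXP)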
------------------------------------------------------------------------

SySS-Advisory: Auerswald COMsuite/ Back Door

DATE: April 16th 03 (Published 29th April 03)

AUTHOR: Sebastian Schreiber <Schreiber (at) SySS (dot) de [email concealed]>
        SySS GmbH
        72070 Tübingen / Germany
        Tel.: +49-7071-407856-0

AFFECTED SYSTEMS:
   Auerswald COMsuite CTI ControlCenter 3,1,2001,6
   (also known as: 3.1 06/2001)
   (see: www.auerswald.de)

DESCRIPTION:
   If you install the CTI application "Auerswald
   COMsuite CTI Control Center" a user "runasositron"
   is created. The user's password is known by SySS and
   very easy to guess (using L0phtCrack for example).

IMPACT: This account can be used locally and remotely to
        access the Windows PC on which COMsuite is installed.

WORKAROUND: Deactivate the user. CTI still works.

VENDOR STATUS: Auerswald has been contacted on April 15th 2003.
               Auerswald told me that deactivating the
               account might disable fax/voice mail if nobody
               is logged on.

Best regards,

Dipl.-Inform. Pierre Kroma 
Security Consultant 
========================================================

SySS GmbH
72070 Tübingen
Germany

Voice:  	++49 7071-407856-0 
mailto: 	Kroma (at) syss (dot) de [email concealed]
Key fingerprint = 927A B13E 16F5 BBAB 8F17  75EB D8E1 A9A4 F257 4EEC
|References

Source: XF
Name: comsuite-runasositron-backdoor-account(11923)
Link: http://xforce.iss.net/xforce/xfdb/11923
Source: BID
Name: 7458
Link: http://www.securityfocus.com/bid/7458
Source: BUGTRAQ
Name: 20030429 Auerswald COMsuite/ Back Door
Link: http://www.securityfocus.com/archive/1/319946
Source: SREASON
Name: 3282
Link: http://securityreason.com/securityalert/3282
