bugtraq - Web Dictate Admin Null Password Vulnerability

lists.openwall.net		lists / announce john-users owl-users popa3d-users / xvendor oss-security / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4
Open Source and information security mailing list archives

Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide

[<prev] [next>] [month] [year] [list]

Date: 3 Sep 2006 17:40:17 -0000
From: revnic@...il.com
To: bugtraq@...urityfocus.com
Subject: Web Dictate Admin Null Password Vulnerability

Web Dictate Admin Null Password Vulnerability

Software: Web Dictate
Version: 1.02
Website: http://nchsoftware.com/

Description:
Web Dictate is a dictation system that lets you record, edit and manage dictation over the internet. You, and other users, log into a server running Web Dictate to record dictation with any ordinary web browser.

Vulnerability:
After assigning a password for the Admin account, it is possible to login as Admin with a null password.

Credit:
Discovered by Revnic Vasile