lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030710145301.GW10770@netsys.com>
From: len at netsys.com (Len Rose)
Subject: [anonymous@...nymous: (please fwd to full-disclosure anon) Default password issue with SEVIS software]

----- Forwarded message from an anonymous person -----

Subject: (please fwd to full-disclosure anon) Default password issue with SEVIS software
Date: Thu, 10 Jul 2003 09:48:56 -0500
From: "Anonymous" <anonymous@...nymous>
To: <len@...sys.com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by netsys.com id h6AEn0f17799

It recently came to my attention that the SEVIS software (Dept of
Homeland Securities nightmarish product for tracking foreign
students/etc.) has a default admin password of user/newfront that is
supposed to be changed as part of the install. I'm sure there are
numerous sites that have not bothered to change it. 

It gets you full and total access to get in and read/update any data on
the individuals within the system.

If you could forward this anonymously to the list, I'd appreciate it.


----- End forwarded message -----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ