lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 11 Sep 2014 15:33:13 +0000 (GMT)
From: "Larry W. Cashdollar" <larry0@...com>
To: fulldisclosure@...lists.org
Subject: [FD] Rooted SSH/SFTP Daemon Default Login Credentials

I stumbled on to this while setting up an android vulnerability testing lab.

Title: Rooted SSH/SFTP Daemon Default Login Credentials

Author: Larry W. Cashdollar, @_larry0

OSVDB-ID: 110742

Date: 9/2/2014

Download: https://play.google.com/store/apps/details?id=web.oss.sshsftpDaemon

Description: "This app is a SSH terminal server AND an SFTP file server."

Vulnerability: The software comes pre-configured with a default login of User: root Password: abc123. This weak password would easily be guessed leading to root compromise of the android system.

Recommended Fix: Request the user set the password upon installation.

Vendor: open.software.solutions[4t]gmail.com, Notified 9/3/2014

Greets to 44CON.

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ