| VID |
16105 |
| Severity |
30 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The FTP server has the default password for the FTP user 'nobody' created by XAMPP. XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP versions 1.4.13 and earlier could configure a FTP server to have the FTP password, 'lampp' for user 'nobody'. By using the default password for the FTP user nobody, a remote attacker could upload and change files for your XAMPP web server.
* References:
http://marc.theaimsgroup.com/?l=full-disclosure&m=111330048629182&w=2
* Platforms Affected:
XAMPP Apache Distribution versions 1.4.13 and earlier
Any operating system Any version |
| Recommendation |
Set a new password for user 'nobody' on the affected FTP server. |
| Related URL |
CVE-2005-1078 (CVE) |
| Related URL |
13131 (SecurityFocus) |
| Related URL |
(ISS) |
|
