| VID |
22153 |
| Severity |
40 |
| Port |
8080 |
| Protocol |
TCP |
| Class |
Servlet |
| Detailed Description |
The Apache Tomcat Server still has a default account. Jakarta Apache Tomcat Server is the Java application server used with the Apache Web server for the JavaServer Pages and Java Servlets technologies. Default accounts such as the following are configured on the Apache Tomcat Server at initial installation:
"admin:tomcat", "admin:admin", "tomcat:tomcat", "root:root", "role1:role1", "role:changethis", "root:changethis", "tomcat:changethis"
Account management is important in preventing unauthorized access to the server. If these default accounts still exist on the server, a remote attacker can exploit the server (for example, by changing the existing configuration) in a way that grants system access. |
| Recommendation |
Change the default passwords or remove the default accounts.
1. Go to the directory [directory of Tomcat installation] → conf → user.
2. Open the admin-user.xml file in the current directory.
3. Change the default passwords or remove the default accounts by editing this file.
More information about the Tomcat server is available from the Apache Jakarta web site: http://jakarta.apache.org/tomcat/ |
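To confirm the cleanup described in the recommendation, the user file can be audited offline for any account that still matches a pair from the list above. This is an added example, not part of the original advisory or of Tomcat; it assumes the file uses the `<user username="..." password="..." roles="..."/>` layout of Tomcat user files (older releases use `name=`), and the function name and sample document are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Default pairs taken from the description in this advisory.
DEFAULT_PAIRS = {
    ("admin", "tomcat"), ("admin", "admin"), ("tomcat", "tomcat"),
    ("root", "root"), ("role1", "role1"), ("role", "changethis"),
    ("root", "changethis"), ("tomcat", "changethis"),
}

# Constructed sample input; the layout is an assumption, not a real server's file.
SAMPLE = """<?xml version="1.0"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="manager"/>
  <!-- <user username="root" password="root" roles="admin"/> -->
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user name="root" password="changethis" roles="admin,manager"/>
  <user username="deploy" password="Xq7-constructed-value" roles="manager"/>
  <user username="role1" password="role1" roles="role1"/>
</tomcat-users>"""

def find_default_accounts(xml_text):
    """Return sorted (username, roles) tuples for active accounts using a listed default pair."""
    hits = []
    for elem in ET.fromstring(xml_text).iter():
        # Strip an XML namespace if present so both namespaced and plain files match.
        if elem.tag.rsplit("}", 1)[-1] != "user":
            continue
        # Accept both the username= and the older name= attribute.
        name = elem.get("username") or elem.get("name") or ""
        password = elem.get("password") or ""
        # Commented-out entries never reach this point: the parser drops comments.
        # Digested (hashed) passwords cannot be compared here and need a manual check.
        if (name, password) in DEFAULT_PAIRS:
            hits.append((name, elem.get("roles", "")))
    return sorted(hits)

if __name__ == "__main__":
    # With a path argument, audit that file; otherwise run on the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    findings = find_default_accounts(text)
    for user, roles in findings:
        print(f"default credentials still active: user={user!r} roles={roles!r}")
    sys.exit(1 if findings else 0)
```

The non-zero exit status on any finding lets the check run as a gate in a configuration review or deployment pipeline.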
| Related URL |
CVE-1999-0508 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|