| VID |
22193 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The MultiTech Proxy Server has no password set for the 'supervisor' account.
This problem arises because that the Proxy Server ships with a NULL password by default. This could allow an unauthenticated user to access and modify sensitive server settings.
* References:
http://www.multitech.com/
* Platforms Affected:
Multitech ProxyServer MTPSR3-200
Multitech ProxyServer MTPSR2-201
Multitech ProxyServer MTPSR1-202ST
Multitech ProxyServer MTPSR1-120
Multitech ProxyServer MTPSR1-100 |
| Recommendation |
This product is no longer being actively maintained.
As a workaround, the vendor has addressed this vulnerability in the device manual. Assign a strong password for the default account, 'supervisor' . |
| Related URL |
CVE-2002-1629 (CVE) |
| Related URL |
7203 (SecurityFocus) |
| Related URL |
10845 (ISS) |
|
