| VID | 22372 |
| Severity | 40 |
| Port | 41080, 41443 |
| Protocol | TCP |
| Class | WWW |
| Detailed Description | The Brightmail Control Center HTTP service uses the default password for the 'admin' user. Symantec Brightmail Anti-Spam provides an access-restricted web-based Brightmail Control Center for administration and management of Brightmail Anti-Spam servers. The default installation of Brightmail Control Center has an account 'admin' with the password 'symantec'. A remote attacker with knowledge of this account could connect to an affected server using the Web interface to gain unauthorized access and make unauthorized changes to the server's configuration settings. Platforms Affected: Symantec Brightmail Control Center (any version); any operating system (any version). |
| Recommendation | Log in to the Brightmail Control Center and immediately change the password for the 'admin' user to a value that is difficult to guess. |
| Related URL | (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |