VID | 22413 |
Severity | 40 |
Port | 390 |
Protocol | TCP |
Class | WWW |
Detailed Description |
The Sun ONE Server Console is protected with a default set of credentials (admin/admin). Sun ONE Server Console provides a common user interface for Sun ONE server products. Sun Java System Directory Server 5.2 uses this default username and password to control access to the server through the Directory Server console. The user "admin" already exists at the initial run, and its default password is "admin". A remote attacker with knowledge of this account could connect to an affected application using the Web interface and gain unauthorized administrative access to a vulnerable server.
* References:
  * http://sunsolve.sun.com/search/document.do?assetkey=1-26-102345-1
  * http://www.frsirt.com/english/advisories/2006/1832
  * http://securitytracker.com/id?1016112
  * http://secunia.com/advisories/20144
* Platforms Affected:
  * Sun Microsystems, Sun Java System Directory Server 5.2
  * Unix: Any version
  * Linux: Any version
  * Microsoft Windows: Any version |
Recommendation |
Change the administrative user password manually, as listed in Sun Alert Notification 102345 at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102345-1 |
Related URL | CVE-2006-2513 (CVE) |
Related URL | 18018 (SecurityFocus) |
Related URL | 26477 (ISS) |
|