VID 23041
Severity 40
Port 7100
Protocol TCP
Class IRCXPRO
Detailed Description IRCXPro is running and the default administrative ID/password is set.
IRCXPro Server is a freely available Internet Relay Chat (IRC/IRCX) server for Microsoft Windows platforms. The default installation creates a default ID and password for remote administrative control, "admin:password". If these credentials are not changed, a remote attacker can use them to gain unauthorized administrative access.

* References:
http://archives.neohapsis.com/archives/bugtraq/2003-06/0015.html

* Software Affected:
IRCXPro Server 1.0
Recommendation No vendor-supplied patch was available for this vulnerability as of June 2003.

As a workaround:
1. Open the IRCXPro control interface, "IRCXPro", from the Start menu.
2. Select "Operators" and select the operator name "admin".
3. Delete the operator by using the "Delete Operator" button, then add a new administrative account by using the "Add Operator" button.
4. Or, change the default password of the "admin" account ("password") to a strong password by using the "Editor Operator" button.
Related URL (CVE)
Related URL (SecurityFocus)
Related URL 12168 (ISS)