TelnetXQ Default Account With Common Password Lets Remote Users Access the System
|
SecurityTracker Alert ID: 1007324
|
CVE Reference: GENERIC-MAP-NOMATCH
|
Date: Jul 28 2003
|
Impact: User access via network
|
Exploit Included: Yes
|
Version(s): 2.6.2
|
Description: CyberTalon reported a configuration vulnerability in the TelnetXQ server. A remote user can access a default account on the system.
It is reported that, by default, TelnetXQ enables an unrestricted account with the username and password of "test". A remote user can log in to this account to gain access to the C: drive.
|
Impact: A remote user can gain access to the system using a default account (enabled by default).
|
Solution: No solution was available at the time of this entry.
The author of the report indicates that you can change the username and password of this default account.
|
Vendor URL: www.datawizard.net/Free_Software/TelnetXQ_Free/telnetxq_free.htm
|
Cause: Configuration error
|
Underlying OS: Windows (Any)
|
Reported By: cyber talon <cyber_talon@hotmail.com>
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 28 Jul 2003 18:48:04 -0300
From: cyber talon <cyber_talon@hotmail.com>
Subject: TelnetXQ Vulnerability
|
TelnetXQ Default Vulnerability
Found by: CyberTalon 07-28-03
1. Intro
2. Was tested on
3. Problem
4. Solution
5. Ending
1. I have found a severe vulnerability in TelnetXQ, a telnet server for
Windows. It could allow an attacker to compromise the machine.
2. Windows XP SP2
TelnetXQ 2.6.2
3. By default, TelnetXQ has a totally unrestricted account enabled with
a username of "test", and a password of "test". All an attacker has to
do is telnet to the server, input the username and password, and they
have access to the victim's C drive, along with all commands available as
well.
4. They need to fix this, and not enable the account at least by
default. But as a personal fix, just change the username and password,
along with whatever other fields/options you desire.
5. This is very serious, and needs to be fixed soon. It relies mostly on
the server administrator to be unaware of the account being
enabled/useable, and that they even know what it means or does.
-CT