Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[NEWS] Default Username/Password Pairs in ON Command CCM 5.x Database Ba

from [SecuriTeam] Network Security [Permanent Link]
Subject: [NEWS] Default Username/Password Pairs in ON Command CCM 5.x Database Backend
Date: 5 Oct 2004 12:31:35 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  Default Username/Password Pairs in ON Command CCM 5.x Database Backend
------------------------------------------------------------------------


SUMMARY

 <http://sea.symantec.com/content/product.cfm?productid=10> ON Command CCM 
is "a solution for central management of Windows workstations and servers. 
It handles unattended OS and software installation on managed computers. 
All configuration information for managed workstations, including 
passwords for local administrators, domain administrator passwords if the 
workstation is joined to a domain and license keys are stored in the CCM 
database". The CCM server software is available for several OSes, 
including Solaris, Linux and Windows.

Four default username/password pairs are present in the Sybase database 
backend used by ON Command CCM 5.x servers. One of the username/password 
pairs is publicly available in a knowledge base article at ON Technology's 
web site.

The database accounts can be used to read and modify all data in the CCM 
database. The database contains among other things usernames and passwords 
for administrative accounts for all managed workstations and servers. In a 
default CCM installation the Sybase database server is reachable from the 
network on the standard Sybase database port.

Two of the database account passwords are extremely easy to guess.

DETAILS

Vulnerable Systems:
 * ON Command CCM version 5.0

Immune Systems:
 * ON Command CCM version 6.0

Impact:
Using any of the default database accounts an attacker can easily retrieve 
all passwords in clear-text for all systems managed by
CCM. Since this includes the domain administrator password if CCM handles 
joining managed systems to a domain (which is usually the case) this can 
lead to compromise on both servers and workstations.

Any other sensitive data, such as license keys, is also available from the 
CCM database.

Workarounds:
* The passwords can be changed for three of the users. The fourth user's 
credentials are used by the CCM server daemons and are hard-coded in the 
binaries.

* The Sybase database port can be firewalled locally on the CCMserver, 
denying access to network requests. Local requests can't be blocked 
however.


ADDITIONAL INFORMATION

The information has been provided by  <mailto:jonas@takeit.se> Jonas 
Olsson.



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [NEWS] Default Username/Password Pairs in ON Command CCM 5.x Database Backend, SecuriTeam <=
Previous by Date:  [TOOL] Fakebust - Fake Exploit Code Detector, SecuriTeam
Next by Date:  [NT] ColdFusion MX 6.1 on IIS File Contents Disclosure, SecuriTeam
Previous by Thread:  [TOOL] Fakebust - Fake Exploit Code Detector, SecuriTeam
Next by Thread:  [NT] ColdFusion MX 6.1 on IIS File Contents Disclosure, SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]