Vulnerabilities > CVE-2001-0372 - Unspecified vulnerability in Akopia Interchange 4.5.3

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

akopia

critical

NVD

Published: 2001-06-18

Updated: 2017-12-19

Summary

Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a default group account :backup with no password, which allows a remote attacker to gain administrative access via the demo stores (1) barry, (2) basic, or (3) construct.

Vulnerable Configurations

Part	Description	Count
Application	Akopia Akopia Akopia Interchange 4.5.3 Akopia Akopia Interchange *	2

References

http://archives.neohapsis.com/archives/bugtraq/2001-03/0337.html
http://lists.akopia.com/pipermail/interchange-announce/2001/000009.html
http://www.securityfocus.com/bid/2499
https://exchange.xforce.ibmcloud.com/vulnerabilities/6273