Vulnerabilities > CVE-2005-1078 - Unspecified vulnerability in Xampp Apache Distribution
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
XAMPP 1.4.x has multiple default or null passwords, which allows attackers to gain privileges.
Vulnerable Configurations
Exploit-Db
description | XAMPP Insecure Default Password Disclosure Vulnerability. CVE-2005-1078. Dos exploits for multiple platform |
id | EDB-ID:25393 |
last seen | 2016-02-03 |
modified | 2005-04-12 |
published | 2005-04-12 |
reporter | Morning Wood |
source | https://www.exploit-db.com/download/25393/ |
title | XAMPP Insecure Default Password Disclosure Vulnerability |
Nessus
NASL family CGI abuses NASL id XAMPP_MULTIPLE_VULNS.NASL description The remote host is running XAMPP, an Apache distribution containing MySQL, PHP, and Perl. It is designed for easy installation and administration. The remote version of this software contains security flaws and password disclosure weaknesses that could allow an attacker to perform cross-site scripting attacks against the remote host or to gain administrative access on the remote host if no password has been set. last seen 2020-06-01 modified 2020-06-02 plugin id 18036 published 2005-04-13 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18036 title XAMPP < 1.4.14 Multiple Vulnerabilities code # # (C) Tenable Network Security # include("compat.inc"); if (description) { script_id(18036); script_version("1.21"); script_cve_id("CVE-2005-1077", "CVE-2005-1078", "CVE-2005-2043"); script_bugtraq_id(13131, 13128, 13127, 13126, 13982, 13983); script_name(english:"XAMPP < 1.4.14 Multiple Vulnerabilities"); script_set_attribute(attribute:"synopsis", value: "The remote host contains several applications that may use default passwords and be prone to cross-site scripting and directory traversal attacks." ); script_set_attribute(attribute:"description", value: "The remote host is running XAMPP, an Apache distribution containing MySQL, PHP, and Perl. It is designed for easy installation and administration. The remote version of this software contains security flaws and password disclosure weaknesses that could allow an attacker to perform cross-site scripting attacks against the remote host or to gain administrative access on the remote host if no password has been set." ); script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=full-disclosure&m=111330048629182&w=2" ); script_set_attribute(attribute:"see_also", value:"http://sourceforge.net/project/shownotes.php?release_id=335710" ); script_set_attribute(attribute:"solution", value: "Upgrade to XAMPP 1.4.14 or newer." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"plugin_publication_date", value: "2005/04/13"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/04/12"); script_cvs_date("Date: 2018/11/15 20:50:19"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); summary["english"] = "Checks for the version of XAMPP"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_dependencie("http_version.nasl"); script_require_ports("Services/www", 80); script_exclude_keys("Settings/disable_cgi_scanning"); script_require_keys("www/PHP"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:80); if (!can_host_php(port:port)) exit(0); r = http_send_recv3(method: "GET", item:"/xampp/start.php", port:port); if (isnull(r)) exit(0); res = r[2]; if ( egrep(pattern:"(Bienvenido a|Willkommen zu|Welcome to) XAMPP .* 1\.([0-3]\.|4\.[0-9][^0-9]|4\.1[0-3][^0-9])", string:res) ) { security_warning(port); set_kb_item(name: 'www/'+port+'/XSS', value: TRUE); }
NASL family FTP NASL id XAMPP_DEFAULT_FTP_ACCOUNT.NASL description The remote FTP server has an account with a known username / password combination that might have been configured when installing XAMPP. An attacker may be able to use this to gain authenticated access to the system, which could allow for other attacks against the affected application and host. last seen 2020-06-01 modified 2020-06-02 plugin id 18037 published 2005-04-13 reporter This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18037 title XAMPP Default FTP Account code #TRUSTED 94a504aa04cbd02f80cd3134d43769eeb0e72e1da69d82a20bbb438bdcc3dbc2330abf4b2896aec6b79c43608c51b0dd4c11dd3bcf092a03c482fe129ced8a32bf3ea931da67ee0d83af5ff6ebdd35ca607e844d1346aedc54e4f835144fe62d6d43f7c3568a235d0b466ac91ba2ba22eb9de30484400029a13c87572a3b14375aef8e57e589c89fdecc0fe620bc832431495ae830bd63d9947318f6d958821063a77614b8e48c8e57b9f540530f75a17cebfe493b65aab329beeb26db1511649a4ce388e8b44d8cc01b04facc2252de48bd7c587b4b7844cbb59345f372cfce43b5540d4fa5880ddcd5208f74753e4c0e3a9140d4344dc766fb136b96ba1474fe21abe665a25a0b815856739eb82bc4aba0cd56845b0d3dfab77ece2351afb5436ca8d1fda745e1d447ddd81fd39f1c1b5c504100b8c9fde4e05373b6cf3981dea3e0539ea6ab0412f63680d33a83cee1e930ab4fc142a176768a80179878d9d712fa704e7b26aebb35abdcdc6f48cf564564859b7fd1073542c257fb3df20b36ac7ae87b27bd2a63eeaaf0611196335d2229c859a4c3610c9fd6461f65ff469a902937b120b831c702ce4d235c6309dd1d1b22f3de71c592389abb0590c56643fad33324523e9b29bb0516d47144a44bc72b33351ab575e65f8cd6ca87a904cd72664f25939b1f8f7999fc2a0d177c6b9c61c0804f36fd2767a23c918fbc11 ### # (C) Tenable Network Security, Inc. # include("compat.inc"); if(description) { script_id(18037); script_version("1.34"); script_cvs_date("Date: 2018/11/15 20:50:22"); script_cve_id("CVE-2005-1078"); script_bugtraq_id(13131); script_name(english:"XAMPP Default FTP Account"); script_summary(english:"Attempts to log in via FTP using credentials associated with XAMPP."); script_set_attribute(attribute:"synopsis", value: "The remote FTP server has an account that is protected with default credentials." ); script_set_attribute(attribute:"description", value: "The remote FTP server has an account with a known username / password combination that might have been configured when installing XAMPP. An attacker may be able to use this to gain authenticated access to the system, which could allow for other attacks against the affected application and host." ); script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2005/Apr/256"); script_set_attribute(attribute:"solution", value: "Modify the FTP password of the remote host." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2005-1078"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/04/12"); script_set_attribute(attribute:"plugin_publication_date", value: "2005/04/13"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:xampp:apache_distribution"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"FTP"); script_copyright(english:"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("DDI_FTP_Any_User_Login.nasl", "ftpserver_detect_type_nd_version.nasl"); script_require_ports("Services/ftp", 21); script_exclude_keys("global_settings/supplied_logins_only"); exit(0); } # # The script code starts here # include('audit.inc'); include('global_settings.inc'); include('ftp_func.inc'); port = get_ftp_port(default:21); if (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY); if (get_kb_item('ftp/'+port+'/AnyUser')) audit(AUDIT_FTP_RANDOM_USER, port); i = 0; users[i] = "nobody"; passes[i] = "xampp"; i++; users[i] = "nobody"; passes[i] = "lampp"; # nb: this is the default in 1.4.13. i++; users[i] = "newuser"; passes[i] = "wampp"; info = ""; for (j=0; j<=i; j++) { user = users[j]; pass = passes[j]; soc = ftp_open_and_authenticate( user:user, pass:pass, port:port ); if(!soc) continue; info += ' - ' + user + '/' + pass + '\n'; close(soc); if (!thorough_tests) break; } if (info) { if (report_verbosity > 0) { if (max_index(split(info)) > 1) s = "s"; else s = ""; report = '\n' + 'Nessus uncovered the following set'+ s + ' of default credentials :\n' + info + '\n'; security_hole(port:port, extra:report); } else security_hole(port); } else audit(AUDIT_LISTEN_NOT_VULN, "FTP", port);