Vulnerabilities > CVE-2005-3280 - Remote Authentication Bypass vulnerability in Paros 3.2.5
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Paros 3.2.5 uses a default password for the "sa" account in the underlying HSQLDB database and does not restrict access to the local machine, which allows remote attackers to gain privileges.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | Gentoo Local Security Checks |
| NASL id | GENTOO_GLSA-200601-15.NASL |
| description | The remote host is affected by the vulnerability described in GLSA-200601-15 (Paros: Default administrator password) Andrew Christensen discovered that in older versions of Paros the database component HSQLDB is installed with an empty password for the database administrator |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 20823 |
| published | 2006-01-30 |
| reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/20823 |
| title | GLSA-200601-15 : Paros: Default administrator password |
References
- http://secunia.com/advisories/17089
- http://secunia.com/advisories/18626
- http://www.gentoo.org/security/en/glsa/glsa-200601-15.xml
- http://www.securityfocus.com/archive/1/423446/100/0/threaded
- http://www.securityfocus.com/bid/15141
- http://www.zone-h.com/en/advisories/read/id=8286/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22557