Vulnerabilities > CVE-2005-4145 - Remote Security vulnerability in Listmanager
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The MSDE version of Lyris ListManager 5.0 through 8.9b configures the sa account in the database to use a password with a small search space ("lyris" and up to 5 digits, possibly from the process ID), which allows remote attackers to gain access via a brute force attack.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Exploit-Db
description | Lyris ListManager MSDE Weak sa Password. CVE-2005-4145. Remote exploit for windows platform |
id | EDB-ID:16397 |
last seen | 2016-02-01 |
modified | 2010-09-20 |
published | 2010-09-20 |
reporter | metasploit |
source | https://www.exploit-db.com/download/16397/ |
title | Lyris ListManager MSDE Weak sa Password |
Metasploit
description | This module exploits a weak password vulnerability in the Lyris ListManager MSDE install. During installation, the 'sa' account password is set to 'lminstall'. Once the install completes, it is set to 'lyris' followed by the process ID of the installer. This module brute forces all possible process IDs that would be used by the installer. |
id | MSF:EXPLOIT/WINDOWS/MSSQL/LYRIS_LISTMANAGER_WEAK_PASS |
last seen | 2020-05-23 |
modified | 2017-07-24 |
published | 2009-10-18 |
references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4145 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/mssql/lyris_listmanager_weak_pass.rb |
title | Lyris ListManager MSDE Weak sa Password |
Nessus
NASL family | Windows |
NASL id | LISTMANAGER_MSDE_WEAK_SA_PASSWORD.NASL |
description | The remote host appears to be running ListManager, a web-based commercial mailing list management application from Lyris. The version of ListManager on the remote host was installed using Microsoft SQL Server Desktop Engine (MSDE) for its database backend along with a weak password for the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20728 |
published | 2006-01-16 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20728 |
title | Lyris ListManager MSDE Weak sa Password |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/83075/lyris_listmanager_weak_pass.rb.txt |
id | PACKETSTORM:83075 |
last seen | 2016-12-05 |
published | 2009-11-26 |
reporter | H D Moore |
source | https://packetstormsecurity.com/files/83075/Lyris-ListManager-MSDE-Weak-sa-Password.html |
title | Lyris ListManager MSDE Weak sa Password |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html
- http://metasploit.com/research/vulns/lyris_listmanager/
- http://secunia.com/advisories/17943
- http://www.osvdb.org/21559
- http://www.securityfocus.com/archive/1/419077/100/0/threaded
- http://www.vupen.com/english/advisories/2005/2820