Vulnerabilities > CVE-2009-0919 - Credentials Management vulnerability in Apachefriends Xampp

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

apachefriends

CWE-255

NVD

Published: 2009-03-16

Updated: 2017-08-17

Summary

XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the "lampp" default password for the "nobody" account within the included ProFTPD installation, (2) a blank default password for the "root" account within the included MySQL installation, (3) a blank default password for the "pma" account within the phpMyAdmin installation, and possibly other unspecified passwords. NOTE: this was originally reported as a problem in DFLabs PTK, but this issue affects any product that is installed within the XAMPP environment, and should not be viewed as a vulnerability within that product. NOTE: DFLabs states that PTK is intended for use in a laboratory with "no contact from / to internet."

Vulnerable Configurations

Part	Description	Count
Application	Apachefriends Apachefriends Xampp 0.1 Apachefriends Xampp 0.2 Apachefriends Xampp 0.3 Apachefriends Xampp 0.4 Apachefriends Xampp 0.5 Apachefriends Xampp 0.6 Apachefriends Xampp 0.6.1 Apachefriends Xampp 0.6.2 Apachefriends Xampp 0.6.3 Apachefriends Xampp 0.6A Apachefriends Xampp 0.7 Apachefriends Xampp 0.7.0 Apachefriends Xampp 0.7.1 Apachefriends Xampp 0.7.2 Apachefriends Xampp 0.7.3 Apachefriends Xampp 0.7.4 Apachefriends Xampp 0.8.1 Apachefriends Xampp 0.8.2 Apachefriends Xampp 0.9 Apachefriends Xampp 1.0 Apachefriends Xampp 1.0.1 Apachefriends Xampp 1.1 Apachefriends Xampp 1.2 Apachefriends Xampp 1.3 Apachefriends Xampp 1.4 Apachefriends Xampp 1.4.2 Apachefriends Xampp 1.4.3 Apachefriends Xampp 1.4.4 Apachefriends Xampp 1.4.5 Apachefriends Xampp 1.4.6 Apachefriends Xampp 1.4.7 Apachefriends Xampp 1.4.8 Apachefriends Xampp 1.4.9 Apachefriends Xampp 1.4.10 Apachefriends Xampp 1.4.11 Apachefriends Xampp 1.4.12 Apachefriends Xampp 1.4.13 Apachefriends Xampp 1.4.14 Apachefriends Xampp 1.4.15 Apachefriends Xampp 1.4.16 Apachefriends Xampp 1.5 Apachefriends Xampp 1.5.0 Apachefriends Xampp 1.5.1 Apachefriends Xampp 1.5.2 Apachefriends Xampp 1.5.3 Apachefriends Xampp 1.5.4 Apachefriends Xampp 1.5.4A Apachefriends Xampp 1.5.5 Apachefriends Xampp 1.5.5A Apachefriends Xampp 1.6 Apachefriends Xampp 1.6.0 Apachefriends Xampp 1.6.0A Apachefriends Xampp 1.6.1 Apachefriends Xampp 1.6.2 Apachefriends Xampp 1.6.3 Apachefriends Xampp 1.6.3A Apachefriends Xampp 1.6.3B Apachefriends Xampp 1.6.4 Apachefriends Xampp 1.6.5 Apachefriends Xampp 1.6.5A Apachefriends Xampp 1.6.6 Apachefriends Xampp 1.6.6A Apachefriends Xampp 1.6.7 Apachefriends Xampp 1.6.8 Apachefriends Xampp 1.6.8A Apachefriends Xampp 1.7 Apachefriends Xampp 1.7.1 Apachefriends Xampp Development	109

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References