Vulnerabilities > CVE-2009-1465 - Credentials Management vulnerability in Klinzmann Application Access Server 2.0.48
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Application Access Server (A-A-S) 2.0.48 has "wildbat" as its default password for the admin account, which makes it easier for remote attackers to obtain access.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
| NASL family | Web Servers |
| NASL id | AAS_DEFAULT_CREDS.NASL |
| description | The remote installation of A-A-S Application Access Server is configured to use default credentials to control administrative access. Knowing these, an attacker can gain administrative control of the affected application and host. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 38761 |
| published | 2009-05-14 |
| reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/38761 |
| title | A-A-S Application Access Server Default Admin Password |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/77441/klinzmann-xsrfexec.txt |
| id | PACKETSTORM:77441 |
| last seen | 2016-12-05 |
| published | 2009-05-13 |
| reporter | Felipe Daragon |
| source | https://packetstormsecurity.com/files/77441/Klinzmann-A-A-S-XSRF-Code-Execution.html |
| title | Klinzmann A-A-S XSRF / Code Execution |