CVE-2009-1465 - Credentials Management vulnerability in Klinzmann Application Access Server 2.0.48
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Application Access Server (A-A-S) 2.0.48 has "wildbat" as its default password for the admin account, which makes it easier for remote attackers to obtain access.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Web Servers |
NASL id | AAS_DEFAULT_CREDS.NASL |
description | The remote installation of A-A-S Application Access Server is configured to use default credentials to control administrative access. Knowing these, an attacker can gain administrative control of the affected application and host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 38761 |
published | 2009-05-14 |
reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/38761 |
title | A-A-S Application Access Server Default Admin Password |
Packetstorm
data source | https://packetstormsecurity.com/files/download/77441/klinzmann-xsrfexec.txt |
id | PACKETSTORM:77441 |
last seen | 2016-12-05 |
published | 2009-05-13 |
reporter | Felipe Daragon |
source | https://packetstormsecurity.com/files/77441/Klinzmann-A-A-S-XSRF-Code-Execution.html |
title | Klinzmann A-A-S XSRF / Code Execution |