CVE-2009-1465 - Credentials Management vulnerability in Klinzmann Application Access Server 2.0.48

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
network
low complexity
klinzmann
CWE-255
nessus

Summary

Application Access Server (A-A-S) 2.0.48 has "wildbat" as its default password for the admin account, which makes it easier for remote attackers to obtain access.

Vulnerable Configurations

Part         Description  Count
Application  Klinzmann    1

Common Weakness Enumeration (CWE)

Nessus

NASL family: Web Servers
NASL id: AAS_DEFAULT_CREDS.NASL
description: The remote installation of A-A-S Application Access Server is configured to use default credentials to control administrative access. Knowing these, an attacker can gain administrative control of the affected application and host.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 38761
published: 2009-05-14
reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/38761
title: A-A-S Application Access Server Default Admin Password

Packetstorm

data source: https://packetstormsecurity.com/files/download/77441/klinzmann-xsrfexec.txt
id: PACKETSTORM:77441
last seen: 2016-12-05
published: 2009-05-13
reporter: Felipe Daragon
source: https://packetstormsecurity.com/files/77441/Klinzmann-A-A-S-XSRF-Code-Execution.html
title: Klinzmann A-A-S XSRF / Code Execution