[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Opsware NAS 6.0 reveals MySQL 'root' password

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Opsware NAS 6.0 reveals MySQL 'root' password
From: "Freeman, Michael" <mfreeman@xxxxxxxxxxxx>
Date: Mon, 24 Jul 2006 10:05:04 -0500

The Opsware Network Automation System (NAS) version 6.0 installation
places an 'init' style startup script in /etc/init.d/mysqll and places
the 'root' password that you choose for the MySQL MAX database during
installation. 

The permissions on this small shell script are world readable, allowing
any user of the system to compromise the 'root' MySQL account. This
could reveal network intelligence including stored/shared authentication
credentials for network devices.

Prev by Date: SYMSA-2006-008:Password Safe - Lock Password Database Configuration Not Enforced
Next by Date: Buffer-overflow in recvTextMessage and NETrecvFile in Warzone Resurrection 2.0.3 (SVN 127)
Previous by thread: SYMSA-2006-008:Password Safe - Lock Password Database Configuration Not Enforced
Next by thread: Re: Opsware NAS 6.0 reveals MySQL 'root' password
Index(es):
- Date
- Thread