[FD] Rooted SSH/SFTP Daemon Default Login Credentials
- To: fulldisclosure@xxxxxxxxxxxx
- Subject: [FD] Rooted SSH/SFTP Daemon Default Login Credentials
- From: "Larry W. Cashdollar" <larry0@xxxxxx>
- Date: Thu, 11 Sep 2014 15:33:13 +0000 (GMT)
I stumbled onto this while setting up an Android vulnerability testing lab.
Title: Rooted SSH/SFTP Daemon Default Login Credentials
Author: Larry W. Cashdollar, @_larry0
OSVDB-ID: 110742
Date: 9/2/2014
Download: https://play.google.com/store/apps/details?id=web.oss.sshsftpDaemon
Description: "This app is a SSH terminal server AND an SFTP file server."
Vulnerability: The software comes pre-configured with a default login of User:
root Password: abc123. This weak password would easily be guessed, leading to
root compromise of the Android system.
Recommended Fix: Request the user set the password upon installation.
Vendor: open.software.solutions[4t]gmail.com, Notified 9/3/2014
Greets to 44CON.
Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/
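
The recommended fix in the advisory above (have the user set the password at installation) can be sketched as a fail-closed credential store. This is an added example, not code from the app or from the advisory's author. The class and function names, the minimum length and the denylist are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed denylist: the shipped default named in the advisory plus a few
# common guesses. The policy values below are assumptions for illustration.
DENYLIST = {"abc123", "root", "toor", "password", "123456"}
MIN_LENGTH = 10
PBKDF2_ROUNDS = 200_000


class CredentialStore:
    """Ships with no credential at all; the user must provision one."""

    def __init__(self):
        self.salt = None
        self.digest = None

    def is_provisioned(self):
        return self.digest is not None

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def set_password(self, password):
        # Reject the known default and common guesses before any length check.
        if password.lower() in DENYLIST:
            raise ValueError("password is a known default or common guess")
        if len(password) < MIN_LENGTH:
            raise ValueError("password shorter than %d characters" % MIN_LENGTH)
        self.salt = os.urandom(16)
        self.digest = self._hash(password, self.salt)

    def verify(self, password):
        if not self.is_provisioned():
            return False  # fail closed: no login is valid before setup
        return hmac.compare_digest(self._hash(password, self.salt), self.digest)


def start_daemon(store):
    """Hypothetical start-up gate: the listener stays off until setup is done."""
    if not store.is_provisioned():
        raise RuntimeError("set a password before enabling the SSH/SFTP listener")
    return "listening"
```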