• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Paros HSQLDB Remote Authentication Bypass Vulnerability

Paros is prone to a remote authentication-bypass vulnerability.

This issue may result in the disclosure of sensitive information, and possible execution of commands on the victim machine.

Paros version 3.2.5 is affected; earlier versions may also be vulnerable.

Update: version 3.2.6 was released and addresses this issue from remote computers, because the database listens only on localhost by default. This still allows local users to connect, since the default username of 'sa' with a blank password is still used.