BugTraq
Opsware NAS 6.0 reveals MySQL 'root' password Jul 24 2006 03:05PM
Freeman, Michael (mfreeman multimax com)
The Opsware Network Automation System (NAS) version 6.0 installation
places an 'init' style startup script in /etc/init.d/mysqll and places
the 'root' password that you choose for the MySQL MAX database during
installation.

The permissions on this small shell script are world readable, allowing
any user of the system to compromise the 'root' MySQL account. This
could reveal network intelligence including stored/shared authentication
credentials for network devices.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus