WebNews CGI Program Vulnerability Exposes Default Credentials by Netwin
CVE-2002-0310

Currently unrated

Key Information:

Vendor: Netwin
Status: Webnews
Vendor: CVE Published:; 31 May 2002

What is CVE-2002-0310?

The Netwin WebNews 1.1k CGI application is vulnerable due to the inclusion of several default usernames and passwords. These credentials are hardcoded and cannot be removed by administrators, allowing remote attackers to easily gain unauthorized access. The known default username/password combinations include 'testweb/newstest', 'alwn3845/imaptest', 'alwi3845/wtest3452', and 'testweb2/wtest4879'. The presence of these unremovable credentials significantly increases the risk of privilege escalation attacks.

References

http://marc.info/?l=bugtraq&m=101432236729631&w=2

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/4156

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/8255

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 31, 2002
Vulnerability Reserved
May 1, 2002