Date: Wed, 18 Dec 2002 08:06:19 +0100
From: Marc Ruef <[email protected]>
To: [email protected], [email protected],
Subject: Missing admin sql password in Okena StormWatch
Hi!
I was working with Okena StormWatch[1] - a really interesting commercial
intrusion prevention product - and saw that there is the SQL password
for the admin account (sa) missing.
With a SQL client and a blank password it's possible for everyone who
can connect to the manager to compromise the whole system/network.
My notification was sent on Fri, 15 Nov 2002 14:21:01 +0100 to
[email protected] - Nothing came back.
Thanks to Mario Robic for helping discovering this problem.
Bye, Marc
[1] http://www.okena.com
--
Computer, Technik und Security
http://www.computec.ch
