Test ID:	1.3.6.1.4.1.25623.1.0.103551
Category:	Default Accounts
Title:	MySQL / MariaDB Default Credentials (MySQL Protocol)
Summary:	It was possible to login into the remote MySQL using default; credentials.
Description:	Summary: It was possible to login into the remote MySQL using default credentials. Affected Software/OS: The following products are know to use such weak credentials: - CVE-2001-0645: Symantec/AXENT NetProwler 3.5.x - CVE-2002-1809: Windows binary release of MySQL 3.23.2 through 3.23.52 - CVE-2004-1532: AppServ 2.5.x and earlier - CVE-2004-2357: Proofpoint Protection Server - CVE-2006-1451: MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6 - CVE-2007-2554: Associated Press (AP) Newspower 4.0.1 and earlier - CVE-2007-6081: AdventNet EventLog Analyzer build 4030 - CVE-2009-0919: XAMPP - CVE-2014-3419: Infoblox NetMRI before 6.8.5 - CVE-2015-4669: Xsuite 2.x - CVE-2016-6531, CVE-2018-15719: Open Dental before version 18.4 - CVE-2024-22901: Vinchin Backup & Recovery 7.2 and prior Other products might be affected as well. Solution: - Change the password as soon as possible - Contact the vendor for other possible fixes / updates CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2001-0645 Bugtraq: 20010510 Corsaire Limited Security Advisory - Symantec/Axent NetProwler 3. 5.x database configuration (Google Search) http://archives.neohapsis.com/archives/bugtraq/2001-05/0098.html Bugtraq: 20010510 Corsaire Limited Security Advisory - Symantec/Axent NetProwler 3. 5.x password restrictions (Google Search) http://archives.neohapsis.com/archives/bugtraq/2001-05/0097.html CERT/CC vulnerability note: VU#508387 http://www.kb.cert.org/vuls/id/508387 XForce ISS Database: netprowler-default-management-password(6537) https://exchange.xforce.ibmcloud.com/vulnerabilities/6537 XForce ISS Database: netprowler-default-odbc-password(6539) https://exchange.xforce.ibmcloud.com/vulnerabilities/6539 Common Vulnerability Exposure (CVE) ID: CVE-2002-1809 BugTraq ID: 5503 http://www.securityfocus.com/bid/5503 Bugtraq: 20020818 Weak MySQL Default Configuration on Windows (Google Search) http://archives.neohapsis.com/archives/bugtraq/2002-08/0185.html http://www.iss.net/security_center/static/9902.php Common Vulnerability Exposure (CVE) ID: CVE-2004-1532 BugTraq ID: 11704 http://www.securityfocus.com/bid/11704 Bugtraq: 20041118 AppServ 2.5.x and Prior Exploit (Google Search) http://marc.info/?l=bugtraq&m=110079586328430&w=2 XForce ISS Database: appserv-default-account(18163) https://exchange.xforce.ibmcloud.com/vulnerabilities/18163 Common Vulnerability Exposure (CVE) ID: CVE-2004-2357 http://marc.info/?l=full-disclosure&m=107745676915297&w=2 http://marc.info/?l=full-disclosure&m=107752568009182&w=2 XForce ISS Database: proofpoint-mysql-gain-access(15280) https://exchange.xforce.ibmcloud.com/vulnerabilities/15280 Common Vulnerability Exposure (CVE) ID: CVE-2006-1451 http://lists.apple.com/archives/security-announce/2006/May/msg00003.html BugTraq ID: 17951 http://www.securityfocus.com/bid/17951 Cert/CC Advisory: TA06-132A http://www.us-cert.gov/cas/techalerts/TA06-132A.html http://www.osvdb.org/25595 http://securitytracker.com/id?1016077 http://secunia.com/advisories/20077 http://www.vupen.com/english/advisories/2006/1779 XForce ISS Database: macos-mysql-manager-blank-password(26420) https://exchange.xforce.ibmcloud.com/vulnerabilities/26420 Common Vulnerability Exposure (CVE) ID: CVE-2007-2554 Bugtraq: 20070508 AP Newspower software <=4.0.1 allows remote data manipulation (Google Search) http://www.securityfocus.com/archive/1/467962/100/0/threaded http://osvdb.org/36251 http://securityreason.com/securityalert/2679 Common Vulnerability Exposure (CVE) ID: CVE-2007-6081 BugTraq ID: 26304 http://www.securityfocus.com/bid/26304 http://osvdb.org/42423 http://secunia.com/advisories/27833 Common Vulnerability Exposure (CVE) ID: CVE-2009-0919 http://ptk.dflabs.com/security.html http://www.debianhelp.co.uk/xampp.htm http://www.ibm.com/developerworks/linux/library/l-xampp/ XForce ISS Database: ptk-default-password(49306) https://exchange.xforce.ibmcloud.com/vulnerabilities/49306 Common Vulnerability Exposure (CVE) ID: CVE-2014-3419 BugTraq ID: 68473 http://www.securityfocus.com/bid/68473 Bugtraq: 20140709 Weak Local Database Credentials in Infoblox Network Automation (Google Search) http://www.securityfocus.com/archive/1/532710/100/0/threaded http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html http://packetstormsecurity.com/files/127410/Infoblox-6.8.4.x-Weak-MySQL-Password.html https://github.com/depthsecurity/NetMRI-2014-3418 http://www.securitytracker.com/id/1030542 XForce ISS Database: infoblox-cve20143419-default-account(94450) https://exchange.xforce.ibmcloud.com/vulnerabilities/94450 Common Vulnerability Exposure (CVE) ID: CVE-2015-4669 Bugtraq: 20150722 Multiple (remote and local) Vulnerabilities in Xceedium Xsuite [MZ-15-02] (Google Search) http://www.securityfocus.com/archive/1/536058/100/0/threaded https://www.exploit-db.com/exploits/37708/ http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt Common Vulnerability Exposure (CVE) ID: CVE-2016-6531 BugTraq ID: 92780 http://www.securityfocus.com/bid/92780 CERT/CC vulnerability note: VU#619767 http://www.kb.cert.org/vuls/id/619767 http://www.kb.cert.org/vuls/id/GWAN-ACVSBM Common Vulnerability Exposure (CVE) ID: CVE-2018-15719 https://www.tenable.com/security/research/tra-2018-44 Common Vulnerability Exposure (CVE) ID: CVE-2024-22901 http://vinchin.com https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/ https://seclists.org/fulldisclosure/2024/Jan/30
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.