Rooted SSH/SFTP Daemon Default Login Credentials

2014.09.13

Credit: Larry W. Cashdollar

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Title: Rooted SSH/SFTP Daemon Default Login Credentials
Author: Larry W. Cashdollar, @_larry0
OSVDB-ID: 110742
Date: 9/2/2014
Download: https://play.google.com/store/apps/details?id=web.oss.sshsftpDaemon
Description: "This app is a SSH terminal server AND an SFTP file server."
Vulnerability: The software comes pre-configured with a default login of User: root Password: abc123. This weak password would easily be guessed leading to root compromise of the android system.
Recommended Fix: Request the user set the password upon installation.
Vendor: open.software.solutions[4t]gmail.com, Notified 9/3/2014
Greets to 44CON.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Rooted SSH/SFTP Daemon Default Login Credentials

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.