Rooted SSH/SFTP Daemon Default Login Credentials

2014.09.13
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Title: Rooted SSH/SFTP Daemon Default Login Credentials Author: Larry W. Cashdollar, @_larry0 OSVDB-ID: 110742 Date: 9/2/2014 Download: https://play.google.com/store/apps/details?id=web.oss.sshsftpDaemon Description: "This app is a SSH terminal server AND an SFTP file server." Vulnerability: The software comes pre-configured with a default login of User: root Password: abc123. This weak password would easily be guessed leading to root compromise of the android system. Recommended Fix: Request the user set the password upon installation. Vendor: open.software.solutions[4t]gmail.com, Notified 9/3/2014 Greets to 44CON.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top