File: 2146.txt

snort 2.9.15.1-5
Rule:

--
Sid: 2146


--
Summary:
This event is generated when an attempt is made to exploit a weakness in the PHP application TextPortal.

--
Impact:
Potential administrator access.

--
Detailed Information:
This event indicates that an attempt has been made to supply a known default administrator password for the PHP application TextPortal.

The default administrator account 'god2' has known, weak passwords that could be used by an attacker to gain unauthorized access to the application.


--
Affected Systems:
Any host using TextPortal.

--
Attack Scenarios:
An attacker can log in to the application using the account god2 and gain administrator access to the site.

--
Ease of Attack:
Simple.

--
False Positives:
None Known.

--
False Negatives:
None Known.

--
Corrective Action:
Check the PHP implementation on the host. Ensure all measures have been taken to deny access to sensitive files.

Disable the god2 account.

Check the host for signs of compromise.

--
Contributors:
Sourcefire Research Team
Brian Caswell <bmc@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:

Bugtraq:
http://www.securityfocus.com/bid/7673

--