MAJOR SECURITY HOLE IN BUILD 4030
EventLog Analyzer build 4030 for Windows (and possibly Unix/Linux) ships with an alarming and glaringly obvious security hole. The mysql instance is configured by default to accept remote connections, and again, by default uses a username of "root" with a blank password. The implications of this should be fairly obvious to anyone reading this post, and SHOULD have been obvious to the Adventnet developers. Any attacker, having compromised a host with network access to the EventLog Analyzer host, would be able to alter logs at will in order to cover their tracks. Obviously, this also applies to a direct compromise of the EventLog Analyzer host, though that introduces a whole different set of issues. Furthermore, there is the possibility of an attacker using this unrestricted access as leverage to compromise the EventLog Analyzer host itself by taking advantage of any flaws in mysql, or its configuration.
All users should immediately take steps to prevent remote connections by using a host-based firewall to filter inbound traffic to TCP port 33335.
Moderator,
This information will be released to Bugtraq in 60 days. It will be released immediately if you fail to approve this post within 4 hours.
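The two weaknesses the post describes (a MySQL listener reachable from the network, and a root account with no password) can both be checked offline from the server's configuration and a dump of its user table. The following audit script is an added example written for this page; it is not code from the original post or from the EventLog Analyzer product. It assumes the bundled MySQL reads a standard `[mysqld]` section (the real `bind-address` and `skip-networking` options) and that user rows are supplied in the shape of `SELECT Host, User, authentication_string FROM mysql.user`; the sample configuration and rows below are constructed, with only the port number taken from the post.

```python
"""Audit helper for the two weaknesses described in the post above:
a MySQL instance reachable from the network and a root account with a
blank password. All inputs here are constructed samples; the config
file layout and the user-table dump format are assumptions."""

# Constructed sample of a mysqld section that sets only the port, i.e.
# the default-style setup the post describes: no bind-address, so the
# server listens on every interface. The port value is from the post.
SAMPLE_EXPOSED_INI = """\
[mysqld]
port=33335
"""

# Constructed hardened counterpart: same port, loopback only.
SAMPLE_LOCAL_INI = """\
[mysqld]
port=33335
bind-address=127.0.0.1
"""

# Constructed rows: (Host, User, authentication_string). An empty string
# means the account has no password set. The hash is a placeholder.
SAMPLE_USER_ROWS = [
    ("localhost", "root", ""),
    ("%", "root", ""),
    ("localhost", "elaapp", "*HASHED_VALUE_PLACEHOLDER"),
]

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def mysqld_options(config_text):
    """Return the key/value pairs of the [mysqld] section as a dict.
    Keys are lower-cased and underscores normalised to dashes, since MySQL
    accepts both spellings (skip_networking / skip-networking)."""
    opts = {}
    section = None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":
            continue
        key, _, value = line.partition("=")   # flag-style keys get value ""
        opts[key.strip().lower().replace("_", "-")] = value.strip()
    return opts


def listener_exposure(config_text):
    """'none' if TCP networking is disabled, 'local' if bound to loopback,
    otherwise 'remote' (MySQL's default bind-address is all interfaces)."""
    opts = mysqld_options(config_text)
    if "skip-networking" in opts:
        return "none"
    bind = opts.get("bind-address", "0.0.0.0")
    return "local" if bind in LOOPBACK else "remote"


def listener_port(config_text):
    """Port the server listens on; MySQL's own default is 3306."""
    return int(mysqld_options(config_text).get("port", "3306"))


def weak_accounts(rows):
    """Accounts with an empty credential, flagging whether the Host
    pattern allows logins from somewhere other than the local machine."""
    findings = []
    for host, user, secret in rows:
        if secret == "":
            findings.append((user, host, host not in LOOPBACK))
    return findings


def audit(config_text, rows):
    """Combine both checks. 'critical' is set only when a blank-password
    account accepting non-local hosts exists AND the listener is reachable
    from the network, i.e. the exact combination the post warns about."""
    exposure = listener_exposure(config_text)
    empties = weak_accounts(rows)
    remote_blank = [(u, h) for u, h, remote in empties if remote]
    return {
        "port": listener_port(config_text),
        "exposure": exposure,
        "blank_password_accounts": [(u, h) for u, h, _ in empties],
        "critical": exposure == "remote" and bool(remote_blank),
    }


if __name__ == "__main__":
    for label, cfg in (("exposed", SAMPLE_EXPOSED_INI), ("loopback", SAMPLE_LOCAL_INI)):
        print(label, audit(cfg, SAMPLE_USER_ROWS))
```

Binding the server to loopback closes the network path from the configuration side; the host firewall rule on TCP 33335 that the post recommends is the independent second layer, and the blank root password still needs to be set regardless, since a local compromise of the box bypasses both.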