VULHUB ™

A vulnerability has been reported for Okena StormWatch's database server. Reportedly, the database administrative user is supplied with a blank password. A remote attacker can exploit this vulnerability by connecting to a vulnerable system's StormWatch database server as an administrative user to corrupt database information. It may also be possible for attackers to gain access to the underlying device. It is likely that this is or is related to the issue described in BID 4797. ** The vendor has responded stating that when StormWatch is installed, the 'sa' account password is set to a random value. As well, the authentication type is set to 'windows' to ensure that only a local administrator is able to access the database. The vendor has stated that database access via ODBC, as the local windows administrator, without entering a password, is the expected behaviour of the database. This is because the database uses the local administrator credentials when access is required. This...

A vulnerability has been reported for Okena StormWatch's database server. Reportedly, the database administrative user is supplied with a blank password. A remote attacker can exploit this vulnerability by connecting to a vulnerable system's StormWatch database server as an administrative user to corrupt database information. It may also be possible for attackers to gain access to the underlying device. It is likely that this is or is related to the issue described in BID 4797. ** The vendor has responded stating that when StormWatch is installed, the 'sa' account password is set to a random value. As well, the authentication type is set to 'windows' to ensure that only a local administrator is able to access the database. The vendor has stated that database access via ODBC, as the local windows administrator, without entering a password, is the expected behaviour of the database. This is because the database uses the local administrator credentials when access is required. This BID will be retired and kept for archival purposes.