Title: Sambar Server Admin Access Vulnerability
Severity: HIGH
Description:
'dumpenv.pl' is a utility that will display environment information on which the server resides, this information could include the server software version being used, directory settings and path information.
The default authentication credentials for the administrator account in a Sambar Server is Username: admin with the password left blank. Once a remote user has gained knowledge of the path to log into the admin account, it is possible for the user to login to the server via an http request. This unauthorized access is gained providing that the default settings have not been changed.
Successful exploitation of this vulnerability could lead to complete compromise of the host
Affected Products:
- Sambar Server 4.1.0beta
References:
- SAMBAR: SAMBAR HomePage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
