Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0772

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2000-0772
Last Modified 05 Sep 2008 04:21:51
Published 20 Oct 2000 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-0772

Summary

The installation of Tumbleweed Messaging Management System (MMS) 4.6 and earlier (formerly Worldtalk Worldsecure) creates a default account "sa" with no password.

Vulnerable Systems

Application

  • Tumbleweed Messaging Management System 4.3

  • Tumbleweed Messaging Management System 4.5

  • Tumbleweed Messaging Management System 4.6


References

BID - 1562

XF - tumbleweed-mms-blank-password

CONFIRM - http://thompson.tumbleweed.com/NewKB/bulletin/UPFiles/sa-official.htm

BUGTRAQ - 20000810 Tumbleweed Worldsecure (MMS) BLANK 'sa' account password vulnerability


Last Updated: 27 May 2016 10:35:52