Weak Password Configuration in MSDE Version of Lyris ListManager 5.0 through 8.9b

Weak Password Configuration in MSDE Version of Lyris ListManager 5.0 through 8.9b

CVE-2005-4145 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

The MSDE version of Lyris ListManager 5.0 through 8.9b configures the sa account in the database to use a password with a small search space ("lyris" and up to 5 digits, possibly from the process ID), which allows remote attackers to gain access via a brute force attack.

Learn more about our Web Application Penetration Testing UK.