Default credentials

2009-03-1619:30:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.2%

JSON

XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the “lampp” default password for the “nobody” account within the included ProFTPD installation, (2) a blank default password for the “root” account within the included MySQL installation, (3) a blank default password for the “pma” account within the phpMyAdmin installation, and possibly other unspecified passwords. NOTE: this was originally reported as a problem in DFLabs PTK, but this issue affects any product that is installed within the XAMPP environment, and should not be viewed as a vulnerability within that product. NOTE: DFLabs states that PTK is intended for use in a laboratory with “no contact from / to internet.”

CPENameOperatorVersion
xamppeq1.4.9 windows
xamppeq1.5.0 windows
xamppeq1.5.2 windows
xamppeq1.4.3 windows
xamppeq1.4.12 linux
xamppeq0.6.3 macosx
xamppeq1.6.0 windows
xamppeq1.0.1 macosx
xamppeq1.0 windows
xamppeq1.4.3 linux

Name	Operator	Version
xampp	eq	1.4.9 windows
xampp	eq	1.5.0 windows
xampp	eq	1.5.2 windows
xampp	eq	1.4.3 windows
xampp	eq	1.4.12 linux
xampp	eq	0.6.3 macosx
xampp	eq	1.6.0 windows
xampp	eq	1.0.1 macosx
xampp	eq	1.0 windows
xampp	eq	1.4.3 linux