Summary
The remote 3Com OfficeConnect VPN Firewall is prone to a default account authentication bypass vulnerability. This issue may be exploited by a remote attacker to gain access to sensitive information or modify system configuration.
It was possible to login as Admin with password 'admin'.
Solution
Change the password.
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AjaxPortal 'di.php' File Inclusion Vulnerability
- AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
- aflog Cookie-Based Authentication Bypass Vulnerability
- Atutor AContent Multiple SQL Injection and XSS Vulnerabilities
- ArticleFR CMS Multiple Vulnerabilities - Jan15