Novell Groupwise Servlet Manager Default Password Network Vulnerability

Summary

The Novell Groupwise servlet server is configured with the default password. As a result, users could be denied access to mail and other servlet based resources. To test this finding: https://<host>/servlet/ServletManager/ enter 'servlet' for the user and 'manager' for the password.

Solution

Change the default password Edit SYS:\JAVA\SERVLETS\SERVLET.PROPERTIES change the username and password in this section servlet.ServletManager.initArgs=datamethod=POST,user=servlet,password=manager,bgcolor

References

http://www.securityfocus.com/bid/3697

Updated on 2015-03-25

Severity

Classification

CVE CVE-2001-1195

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Novell NetWare HTTP POST Perl Code Execution Vulnerability
Novell Groupwise Servlet Manager default password

Take action and discover your vulnerabilities