Borland/Inprise Interbase 4.0/5.0/6.0 - Backdoor Password

EDB-ID:

20537

CVE:

2001-0008

EDB Verified:

Author:

Frank Schlottmann-Goedde

Type:

remote

Exploit:   /  

Platform:

Multiple

Date:

2001-01-10

Vulnerable App: 
source: https://www.securityfocus.com/bid/2192/info

Interbase is an open source relational database offered by Borland Inprise Corporation.

Interbase contains a backdoor user account and password called "LOCKSMITH". When accessed this account will eliminate all implemented security allowing full control of any database and contents within the database, this level of access will allow any function to be performed including modification of objects, root access and execution of arbitrary functions. "LOCKSMITH" is hard coded in the database engine and is located in the jrd/pwd.h header.

Successful exploitation of this vulnerability will lead to complete compromise of the host. 

#define LOCKSMITH_USER "politically"

#define LOCKSMITH_PASSWORD "correct"
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services