Firebird Default Credentials

This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.


Synopsis :

The remote database service is protected with default credentials.

Description :

The version of Firebird on the remote host uses default credentials to
control access. Knowing these, an attacker can gain administrative
access to the affected application.

See also :

http://www.firebirdsql.org/manual/qsg2-config.html

Solution :

Use the application's 'gsec' utility to change the password for the
'SYSDBA' account.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 7.5
(CVSS2#E:H/RL:ND/RC:ND)
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 32315 (firebird_default_creds.nasl)

Bugtraq ID:

CVE ID: