[Users] user 'admin' and mysql
Mark Kent
mark at noc.mainstreet.net
Wed Jun 14 23:29:34 CEST 2006
Hello,
I just noticed that openser_mysql.sh creates the username "admin" with
the default openserrw password in the subscriber table.
This seems to introduce a security hole where a well-known username
and password pair would exist on most virgin openser installations.
Is there a good reason to have that entry in the "subscriber" table?
Is it used anywhere?
Now I know that we're supposed to change the mysql access passwords,
but I have to admit that I didn't think to change a password actually
emebedded IN the data of the mysql database.
Did I miss a critical security note somewhere alerting me to this
default user?
Thanks,
-mark
More information about the Users
mailing list