Default Password (db2admin) for 'db2admin' Account on Windows

critical Nessus Plugin ID 33852

Synopsis

An account on the remote Windows host uses a default password.

Description

The 'db2admin' account on the remote Windows host uses a known password. This account may have been created during installation of DB2 for use when managing the application, and it likely belongs to the Local Administrators group.

Note that while the DB2 installation no longer uses a default password for this account, the upgrade process does not force a password change if the 'db2admin' account exists from a previous installation.

Solution

Assign a different password to this account as soon as possible.

See Also

https://seclists.org/bugtraq/2000/Dec/97

Plugin Details

Severity: Critical

ID: 33852

File Name: smb_account_db2admin_default_password.nasl

Version: 1.25

Type: local

Family: Databases

Published: 8/8/2008

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:ibm:db2, cpe:/a:ibm:db2_universal_database

Required KB Items: SMB/name, SMB/transport

Excluded KB Items: SMB/not_windows, global_settings/supplied_logins_only, SMB/any_login

Exploit Ease: No exploit is required

Vulnerability Publication Date: 12/5/2000

Reference Information

CVE: CVE-2001-0051

BID: 2068