Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Novell Groupwise servlet default account

Novell Groupwise servlet default account

by Nikola Strahija on December 17th, 2001 A default username and password exists that controls the servlet manager. The servlet manager allows the configuration of the servlets to be loaded, reloaded or unloaded. This is more of an annoyance than a exploit. The ability to control and unload servlets allows an attacker to deny web based services to users. This will prevent users from accessing mail or other servlet based resources.


Vulnerable:
Groupwise 5.5 Enhancement Pack
Groupwise 6.0
on Windows NT, Windows 2000, Netware 5

Proof of concept:
http://server/servlet/ServletManager
username: servlet
password: manager

We strongly advise you to change the default password.

Credit for this vulnerability goes to Adam Gray, Novacost Inc.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »