{"vuid":"VU#461219","idnumber":"461219","name":"Beck GmbH IPC@Chip TelnetD service ships with inadequately protected default account","keywords":["Beck GmbH","IPC@Chip","TelnetD","default password"],"overview":"There is a vulnerability in the Beck IPC@CHIP that may allow an attacker to gain access to the device.","clean_desc":"The Beck IPC@CHIP is a single chip embedded webserver. This device also contains a telnet server that ships with an account named \"Default\". This account essentially grants the user superuser privileges on the device. This account also (by default) does not have a \"strong\" password (it can be easily guessed and is publicly available). As a result, an attacker can easily guess the password or apply a brute-force password attack and perhaps gain entry to the device.","impact":"An attacker can connect to the telnet service and make use of a brute-force password attack and perhaps gain entry to the device.","resolution":"","workarounds":"Change the default settings on the telnet server so that there is no \"Default\" account.","sysaffected":"","thanks":"This vulnerability was discovered by \nSentry Research Labs","author":"This document was written by Ian A. Finlay.","public":["http://www.securityfocus.com/bid/2769","http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00010.html","http://sentry-labs.com/files/ipc0101052101eng.txt"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-06-05T16:15:32Z","publicdate":"2001-05-24T00:00:00Z","datefirstpublished":"2001-09-27T12:31:49Z","dateupdated":"2001-09-27T18:10:18Z","revision":19,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"3","cam_impact":"15","cam_easeofexploitation":"15","cam_attackeraccessrequired":"20","cam_scorecurrent":"5.821875","cam_scorecurrentwidelyknown":"5.821875","cam_scorecurrentwidelyknownexploited":"10.884375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":5.821875,"vulnote":null}