{"vuid":"VU#495705","idnumber":"495705","name":"Multi-Tech ProxyServers ship with null password for administrative access","keywords":["Multitech","MTPSR1-120","password","telnet","default","proxy server","Multi-Tech","ProxyServer"],"overview":"Some versions of the Multi-Tech ProxyServer products ship without a default password for the administrative interface.","clean_desc":"Some versions of the Multi-Tech ProxyServer products ship without a default password for the administrative interface, permitting unauthenticated access via TELNET and HTTP. The administrative interface, or \"supervisor\" account, allows users to modify configuration settings on the ProxyServer device. At least the following versions of the ProxyServer products exhibit this condition: MTPSR1-100\nMTPSR1-120\nMTPSR1-202ST\nMTPSR2-201\nMTPSR3-200","impact":"This vulnerability is the result of weak authentication and access control policies and can result in one or more of the following impacts: unauthorized access, unauthorized monitoring, information leakage, denial of service, and permanent disability of affected devices.","resolution":"Supply an administrative password when the device is installed. According to Multi-Tech: \"This product line has been discontinued for some time. The vulnerability for the administrative password was addressed in the manual. 
Telnet is still open and can be disabled through the software, as suggested.\"","workarounds":"","sysaffected":"","thanks":"Thanks to UkR-XblP <cuctema@ok.ru> for reporting this vulnerability.","author":"This document was written by Chad R Dougherty.","public":["http://www.multitech.com"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2020-05-21T16:14:05.352812Z","publicdate":"2002-12-13T00:00:00Z","datefirstpublished":"2003-03-24T21:15:32Z","dateupdated":"2007-04-26T12:51:00Z","revision":11,"vrda_d1_directreport":null,"vrda_d1_population":null,"vrda_d1_impact":null,"cam_widelyknown":null,"cam_exploitation":null,"cam_internetinfrastructure":null,"cam_population":null,"cam_impact":null,"cam_easeofexploitation":null,"cam_attackeraccessrequired":null,"cam_scorecurrent":null,"cam_scorecurrentwidelyknown":null,"cam_scorecurrentwidelyknownexploited":null,"ipprotocol":null,"cvss_accessvector":null,"cvss_accesscomplexity":null,"cvss_authentication":null,"cvss_confidentialityimpact":null,"cvss_integrityimpact":null,"cvss_availabilityimpact":null,"cvss_exploitablity":null,"cvss_remediationlevel":null,"cvss_reportconfidence":null,"cvss_collateraldamagepotential":null,"cvss_targetdistribution":null,"cvss_securityrequirementscr":null,"cvss_securityrequirementsir":null,"cvss_securityrequirementsar":null,"cvss_basescore":"N/A","cvss_basevector":"N/A","cvss_temporalscore":"N/A","cvss_environmentalscore":"N/A","cvss_environmentalvector":"N/A","metric":3.705,"vulnote":null}