The MSDE version of Lyris ListManager 5.0 up to and including 8.9b configures the sa account in the database to use a password with a small search space ("lyris" and up to 5 digits, possibly from the process ID), which allows remote malicious users to gain access via a brute force attack.
Vulnerable Product |
---|
lyris technologies inc listmanager 6.0 |
lyris technologies inc listmanager 7.0 |
lyris technologies inc listmanager 8.0 |
lyris technologies inc listmanager 8.8a |
lyris technologies inc listmanager 5.0 |