Scrutinizer NetFlow and sFlow Analyzer 9 Default MySQL Credential
30 August 2012
The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 126.96.36.19999 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session.
CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Today almost every company is dealing with big data in one way or another – including customer data, tracking data, and behavioral marketing information – connecting every aspect of our lives. While this is a cutting edge use of technology, data monitoring can become dangerous when placed in the wrong hands.
Robert Hansen, Vice President of WhiteHat Security Labs, discusses the evolution of web application security, offers advice on how to improve web application security practices, recommends tools, and more.
While there is an increasing recognition in many organizations that application security is an important piece of the overall puzzle, putting together a comprehensive strategy that will effectively reduce an organization’s risk profile is not easy.
Insiders have been responsible for some interesting breaches or hostage scenarios in recent history, whether intentional or not. So, which is a bigger threat - an external hacker or a disgruntled employee?