Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 4 Feb 2016 12:30:17 -0800
From: "Zach W." <kestrel@...linux.us>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: CVE Request: Open Source Media Center insecure default config

Hey all,

Using several other CVEs as an example (such as
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6850), I am
requesting a CVE for "OSMC: Open Source Media Center" default config.

1) Default user is osmc/osmc
2) SSH, and FTP are enabled by default, which osmc has access to
3) The interface does not require or request a password change for the
default user
4) osmc has full sudoers access and can gain root access via sudo

Thanks!

Zach W.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.