[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

assignment question

There is some software, part of the installation is a web 
server/application.  On initial install, the web application is 
configured with a default password.  Upon first login, the user is 
required to change the password, create new accounts(s), along with 
other first-time setup configuration activities.

IOW, if I obtain and install this software and walk away before 
completing the first-time setup, I've left myself exposed.

This is *barely* a vulnerability in my book, assuming there are 
sufficient warnings and documentation informing the user about the need 
to run the first-time setup.

CVE or no CVE?


 - Art

My answer is a weak "yes" with as low a severity/priority as possible.

Page Last Updated or Reviewed: December 12, 2018