Kloxo HostInABox 575 - Multiple resources default passwords


The default Kloxo installation had default passwords on several resources.


Unauthorized access to servers running Kloxo.

Password      Resource
21232f297a    kloxo database
pass          roundcubemail database
admin         root (system account)
admin         admin (system account)
lx11          lxpopuser (MySQL user account)

"21232f297a" is the first 10 characters of the md5 hash of the string "admin":

[user@host ~]$ echo -n admin | md5sum | cut -c 1-10