Kloxo HostInABox 575 - Multiple resources default passwords



DESCRIPTION


The default Kloxo installation had default passwords on several resources.



IMPACT


Unauthorized access to servers running Kloxo.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Password      Resource
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
21232f297a    kloxo database
pass          roundcubemail database
admin         root (system account)
admin         admin (system account)
lx11          lxpopuser (MySQL user account)


"21232f297a" is the first 10 characters of the md5 hash of the string "admin":

[user@host ~]$ echo -n admin | md5sum | cut -c 1-10
21232f297a
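
Added example, not part of the original advisory or of Kloxo: a shell audit that checks a credential inventory against the defaults in the table above. The "resource|password" input format, the sample inventory, and the KNOWN rule (a listed value reused on another resource, or the 10-character md5 prefix of a listed value) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a credential inventory against the advisory's defaults.

# Defaults from the advisory's table, as "resource|password".
kloxo_defaults() {
    cat <<'EOF'
kloxo database|21232f297a
roundcubemail database|pass
root|admin
admin|admin
lxpopuser|lx11
EOF
}

# First 10 hex characters of md5(string), as in the advisory's shell command.
md5_prefix10() {
    printf '%s' "$1" | md5sum | cut -c 1-10
}

# Classify one password: DEFAULT (the resource's own listed default),
# KNOWN (any listed value, or the md5 prefix of one), otherwise OK.
classify() {
    resource=$1 password=$2
    if kloxo_defaults | grep -Fxq "$resource|$password"; then
        echo DEFAULT; return
    fi
    for known in $(kloxo_defaults | cut -d'|' -f2 | sort -u); do
        if [ "$password" = "$known" ] || [ "$password" = "$(md5_prefix10 "$known")" ]; then
            echo KNOWN; return
        fi
    done
    echo OK
}

# Read "resource|password" lines on stdin; print "STATUS resource" per line.
audit_credentials() {
    while IFS='|' read -r resource password; do
        [ -n "$resource" ] || continue
        echo "$(classify "$resource" "$password") $resource"
    done
}

# Constructed sample inventory (hypothetical values, not real data).
sample_inventory() {
    cat <<'EOF'
kloxo database|21232f297a
roundcubemail database|Xq7-constructed-value
root|admin
backup user|lx11
EOF
}

sample_inventory | audit_credentials
```

Any line reported as DEFAULT or KNOWN marks a credential to rotate; feed the function your own inventory on stdin in place of the sample.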