PT-2001-1591 · Akopia · Akopia Interchange

Published: 2001-05-24 · Updated: 2017-12-19 · CVE-2001-0372

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Akopia Interchange versions 4.5.3 through 4.6.3

Description

The demo stores are installed with a default group account, :backup, that has no password, which allows a remote attacker to gain administrative access. The issue can be exploited via the demo stores, including (1) barry, (2) basic, or (3) construct.

Recommendations

For versions 4.5.3 through 4.6.3, change the password of the :backup group account to prevent unauthorized access. Consider removing or securing the demo stores (barry, basic, construct) until a proper fix is applied.


Related Identifiers

CVE-2001-0372

Affected Products

Akopia Interchange