PT-2008-3410 · Firebird · Firebird

Viesturs · Published 2008-05-12 · Updated 2017-08-08 · CVE-2008-1880

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Firebird versions prior to 2.0.3.12981.0-r6

Description

The default configuration of Firebird sets the ISC_PASSWORD environment variable before starting Firebird, allowing remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password.

Recommendations

Update to version 2.0.3.12981.0-r6 or later to resolve the issue. As a temporary workaround on versions prior to 2.0.3.12981.0-r6, consider removing the ISC_PASSWORD environment variable to prevent attackers from bypassing SYSDBA authentication.
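
To confirm the workaround took effect, the following check looks for ISC_PASSWORD both in a startup script and in the environment of running server processes. It is an added example, not part of the advisory or of Firebird; the function names and the default process-name list (fbserver, fbguard, fb_inet_server) are assumptions, and the live check relies on Linux /proc.

```shell
#!/bin/sh
# Added example (not from the advisory): audit for ISC_PASSWORD.

# env_has_isc_password FILE
# FILE uses the /proc/<pid>/environ layout: NUL-separated NAME=value entries.
# Succeeds if ISC_PASSWORD is defined at all; an empty value still counts,
# because the advisory describes access via an empty password.
env_has_isc_password() {
    tr '\0' '\n' < "$1" | grep -q '^ISC_PASSWORD='
}

# script_sets_isc_password FILE
# Succeeds if a shell-style startup script assigns or exports ISC_PASSWORD
# at the start of a non-comment line.
script_sets_isc_password() {
    grep -Eq '^[[:space:]]*(export[[:space:]]+)?ISC_PASSWORD=' "$1"
}

# audit_running [NAMES]
# Checks every readable process whose command name matches NAMES.
# The default name list is an assumption; adjust it to the binaries installed.
# Succeeds only when no matching process carries ISC_PASSWORD.
audit_running() {
    names=${1:-'fbserver|fbguard|fb_inet_server'}
    hits=0
    for dir in /proc/[0-9]*; do
        [ -r "$dir/comm" ] && [ -r "$dir/environ" ] || continue
        if grep -Eqx "$names" "$dir/comm" 2>/dev/null &&
           env_has_isc_password "$dir/environ" 2>/dev/null; then
            echo "PID ${dir#/proc/}: ISC_PASSWORD is set in the environment"
            hits=$((hits + 1))
        fi
    done
    [ "$hits" -eq 0 ]
}

# Run the live audit only when asked: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_running
fi
```

Run the live audit as root so that the environment of the server processes is readable, and point script_sets_isc_password at whichever startup script your installation uses.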


Related Identifiers

CVE-2008-1880

Affected Products

Firebird