PT-2002-1379 · Netwin · Netwin Webnews

Published 2002-05-03 · Updated 2017-07-11 · CVE-2002-0310

CVSS v2.0 7.5 High

Vector AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Netwin WebNews version 1.1k

Description

The issue concerns default usernames and cleartext passwords in the Netwin WebNews 1.1k CGI program. These default credentials, which include combinations such as testweb/newstest, alwn3845/imaptest, alwi3845/wtest3452, and testweb2/wtest4879, cannot be deleted by the administrator. This allows remote attackers to gain privileges by using these username/password combinations.

Recommendations

For Netwin WebNews version 1.1k, consider changing the default usernames and passwords to custom, secure credentials to prevent unauthorized access. As a temporary workaround, restrict access to the CGI program until secure credentials can be implemented.


Related Identifiers

CVE-2002-0310

Affected Products

Netwin Webnews