PT-2009-3506 · Proftpd+3
Published 2009-03-16 · Updated 2017-08-17 · CVE-2009-0919
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
XAMPP (affected versions not specified)
Description
The issue concerns insecure default passwords in multiple packages installed by XAMPP. This makes it easier for remote attackers to gain access through various default passwords, including the nobody account in ProFTPD, the root account in MySQL, and the pma account in phpMyAdmin. This issue affects any product installed within the XAMPP environment.
Recommendations
For XAMPP, change the default passwords for the nobody account in ProFTPD, the root account in MySQL, and the pma account in phpMyAdmin to secure passwords.
As a temporary workaround, consider restricting access to the ProFTPD, MySQL, and phpMyAdmin installations until secure passwords are set.
Avoid using default or blank passwords for any accounts within the XAMPP environment to minimize the risk of exploitation.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Mysql Server
Proftpd
Xampp
Phpmyadmin