PT-2023-19931 · Cyberpower+2 · Powerpanel Business Management+3

Published: 2023-04-24 · Updated: 2023-05-03 · CVE-2023-25131

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PowerPanel Business Local/Remote for Windows versions 4.8.6 and earlier
PowerPanel Business Management for Windows versions 4.8.6 and earlier
PowerPanel Business Local/Remote for Linux 32bit versions 4.8.6 and earlier
PowerPanel Business Local/Remote for Linux 64bit versions 4.8.6 and earlier
PowerPanel Business Management for Linux 32bit versions 4.8.6 and earlier
PowerPanel Business Management for Linux 64bit versions 4.8.6 and earlier
PowerPanel Business Local/Remote for MacOS versions 4.8.6 and earlier
PowerPanel Business Management for MacOS versions 4.8.6 and earlier

Description

The issue is related to the use of a default password in PowerPanel Business, allowing remote attackers to log in to the server directly and perform administrative functions. Upon installation or first login, the application does not prompt the user to change the admin password.

Recommendations

For PowerPanel Business Local/Remote for Windows versions 4.8.6 and earlier, update the admin password to a unique and secure value.
For PowerPanel Business Management for Windows versions 4.8.6 and earlier, update the admin password to a unique and secure value.
For PowerPanel Business Local/Remote for Linux 32bit versions 4.8.6 and earlier, update the admin password to a unique and secure value.
For PowerPanel Business Local/Remote for Linux 64bit versions 4.8.6 and earlier, update the admin password to a unique and secure value.
For PowerPanel Business Management for Linux 32bit versions 4.8.6 and earlier, update the admin password to a unique and secure value.
For PowerPanel Business Management for Linux 64bit versions 4.8.6 and earlier, update the admin password to a unique and secure value.
For PowerPanel Business Local/Remote for MacOS versions 4.8.6 and earlier, update the admin password to a unique and secure value.
For PowerPanel Business Management for MacOS versions 4.8.6 and earlier, update the admin password to a unique and secure value.

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2023-25131

Affected Products

Apple Macos
Powerpanel Business Local/Remote
Powerpanel Business Management
Windows