XAMPP - Insecure Default Password Disclosure

Author: Morning Wood
type: dos
platform: multiple
port: 
date_added: 2005-04-12  
date_updated: 2013-05-13  
verified: 1  
codes: CVE-2005-1078;OSVDB-15636  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 25393.txt  

source: https://www.securityfocus.com/bid/13131/info

An insecure default password disclosure vulnerability affects XAMPP. This issue is due to a failure of the application to properly secure access to default passwords.

An attacker may leverage this issue to gain access to the default passwords for many utilities installed by the affected application, including the MySQL 'root' user, the phpMyAdmin 'pma' user, the FTP 'nobody' user and the Tomcat administrator.

http://www.example.com/xampp/security.php