QaTraq Default Credentials Vulnerability Allowing Administrative Access

Vulnerability

A vulnerability exists in QaTraq version 6.9.2 due to the inclusion of default administrative credentials ('admin:admin') that are active upon installation. This allows immediate administrative access through the web application login page. The issue arises because there is no mechanism to change these credentials during setup, leaving the account accessible to anyone who can reach the login page.

Impact

Exploitation of this vulnerability allows unauthorized administrative access to the QaTraq application.

Reproduction

To reproduce this vulnerability, access the web login page of QaTraq 6.9.2. Enter the default credentials: 'admin' for the username and 'admin' for the password. Upon successful login, administrative privileges are granted.

Remediation

Users are advised to change default credentials before deploying the application. Regularly review and update legacy tools to mitigate security risks.

Added: Nov 17, 2025, 4:19 PM
Updated: Nov 17, 2025, 8:27 PM