I stumbled on to this while setting up an android vulnerability testing lab.
Title: Rooted SSH/SFTP Daemon Default Login Credentials Author: Larry W. Cashdollar, @_larry0 OSVDB-ID: 110742 Date: 9/2/2014 Download: https://play.google.com/store/apps/details?id=web.oss.sshsftpDaemon Description: "This app is a SSH terminal server AND an SFTP file server." Vulnerability: The software comes pre-configured with a default login of User: root Password: abc123. This weak password would easily be guessed leading to root compromise of the android system. Recommended Fix: Request the user set the password upon installation. Vendor: open.software.solutions[4t]gmail.com, Notified 9/3/2014 Greets to 44CON. _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
