Interbase backdoor

Interbase backdoor


Summary

A back door password has been hidden in Borland/Inprise's popular Interbase database software for at least seven years, potentially exposing tens of thousands of private databases at corporations and government agencies to unauthorized access and manipulation over the Internet.

The problem

The CERT indicated that "The back door account password can not be changed using normal operational commands, nor can the account be deleted from existing vulnerable server".

Fix

Borland, the devleopers of Interbase have developed patches for Interbase 5 and 6. Patches can be found at http://inprise-svca.www.conxion.com,

Reference(s):

Securityfocus Security Advisory bid 2192

CVE References(s):