[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : IBM DB2 default account and password Vulnerability

Title: IBM DB2 default account and password Vulnerability
Released by: benjurry
Date: 6th December 2000
Printable version: Click here


    The DB2 Universal Database builds upon the stability and performance of DB2 on the mainframe and provides the features required in a distributed database product. DB2 Universal Database (UDB) is IBM's relational database server solution for the UNIX, OS/2 and Windows NT/2000 operating environments.And More than 70% of the world's major companies rely on DB2 to manage their mission-critical business applications. 


    During the installation of IBM DB2 V6.1 there is no prompt to the admin user to change the default passwords, leaving the possiblity for a user to gain access to the database and even the system. 

Under winnt/win2k,the account named db2admin,the default password is db2admin.Under linux the accounts named db2inst1,db2as,db2fenc1,and the default password is ibmdb2.

Successful exploitation of this vulnerability could enable a user access the data and system.

3.Platforms:IBM DB2 for winnt(v6.1) IBM DB2 for linux(v6.1)


    Change the default account and password.

5.About us

    RAF Info-Tech Corporation Ltd. is an Internet security consulting and service provider. The headquarter of RAF is located in Shenzhen, which is an exciting city in southen of China. For keeping the company  at the leading age of the technology, RAF established an Internet security research center in Tsinghua University in Beijing.

Based on the "RAF Security Theory", the company currently can provide the customized Inernert  security solution to the various clients. RAF also provides the technical services and support to the Internet security  product manufacturers.  

If you are interesting in the RAF's services or having any question to the 

company, please e_mail to CHINARAF@PUBLIC.SZPTT.NET.CN. or benjurry@263.net

6.Thank for my lover.

(C) 1999-2000 All rights reserved.