Monday, May 5, 2008

MAMPU's SSO With No Password.

Today, while surfing the web, I read something about MAMPU, which stands for Malaysia Administrative Modernisation and Management Planning Unit. Under the "principal" domain (mampu.gov.my) you might find another subdomain called SSO. I really have no idea about it, and I really have no idea what has been written on the project's home page. What I wanna point out is the incredible error which comes up during a normal GET request to the site http://sso.mampu.gov.my/. Here it is!



The MySQL server runs on localhost and the root password is not used! That means the server's administrator has not configured the machine well; probably the internal SQL server could be running an AF_UNIX socket open to external communications. If that's true, everybody can access the database.

I'm scared of these kinds of system administrators.
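For site owners who want to catch this kind of disclosure on their own pages, here is an added example (not part of the original post) that scans a response body for MySQL's standard "Access denied" error text and reports what it gives away. The screenshot is not reproduced on this page, so the sample body, file path and function name are constructed assumptions.

```python
import html
import re

# MySQL's standard authentication-failure text (error 1045).
ACCESS_DENIED = re.compile(
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']*)' "
    r"\(using password: (?P<pw>YES|NO)\)"
)


def find_mysql_error_leaks(body):
    """Return one finding per MySQL auth error disclosed in a response body."""
    # Error pages often HTML-escape the quotes (&#039;), so decode first.
    text = html.unescape(body)
    findings = []
    for m in ACCESS_DENIED.finditer(text):
        user, host, pw = m.group("user"), m.group("host"), m.group("pw")
        issues = ["database error text shown to visitors"]
        if user == "root":
            issues.append("application connects as root")
        if pw == "NO":
            issues.append("connection attempted without a password")
        findings.append({
            "user": user,
            "host": host,
            "password_used": pw == "YES",
            "issues": issues,
        })
    return findings


# Constructed sample body (assumption): a PHP-style warning wrapping the
# MySQL message, with placeholder path and line number.
SAMPLE_BODY = (
    "<b>Warning</b>: mysql_connect(): Access denied for user "
    "&#039;root&#039;@&#039;localhost&#039; (using password: NO) "
    "in <b>/path/to/app.php</b> on line <b>1</b><br />"
)

# Constructed sample of what a visitor should see instead: no internals.
CLEAN_BODY = "<html><body>Service temporarily unavailable.</body></html>"

if __name__ == "__main__":
    for finding in find_mysql_error_leaks(SAMPLE_BODY):
        print(finding)
```

A finding here points to two separate fixes: give the application its own database account with a password, and log errors server-side instead of printing them in the page.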
