Description
Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges.
Remediation
References
Related Vulnerabilities
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-0361)
WordPress Deserialization of Untrusted Data Vulnerability (CVE-2022-21663)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-61639)
MySQL CVE-2016-7440 Vulnerability (CVE-2016-7440)
phpMyFAQ Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4825)