It has been found that a backdoor has been coded into InterBase since 1992. This previously-secret account has full access and an unchangeable, known username and password. With this knowlege, attackers can remotely gain read and write access to any database on the server. CERT advisory: http://www.cert.org/advisories/CA-2001-01.html IBphoenix advisory: http://www.cert.org/advisories/CA-2001-01.html More details: http://firebird.ibphoenix.com/home.nfs?a=ibphoenix&s=979249465:352&page=starkey Ben Greenbaum Director of Site Content SecurityFocus http://www.securityfocus.com
