Rapid7 Vulnerability & Exploit Database

SQL Server access with Remedy ARAdmin and default password

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SQL Server access with Remedy ARAdmin and default password

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

11/01/2004

Created

07/25/2018

Added

11/01/2004

Modified

12/04/2013

Description

The Remedy Action Request System is a ticketing system that uses SQL Server to store its data. By default, Remedy creates an account on SQL Server called "ARAdmin" with a default password of "AR#Admin#". This account only has access to two databases, the ARSystem database and the tempdb database. Any user who logs in to SQL Server as ARAdmin can modify the underlying data of the ticketing system, which includes usernames and passwords for the ticketing system itself.

Solution(s)

tds-remedy-default-password

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

SQL Server access with Remedy ARAdmin and default password

SQL Server access with Remedy ARAdmin and default password

Description

Solution(s)

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.