Security Hole in Ensim Pro

I am using Ensim Pro 3.5.4, I am not sure if this applies to 3.5.10 since I am on a serverXchange system and they have not yet updated.

Use Macromedia Dreamweaver, create a php file, and go to Windows and then Databases. Setup all the information correctly, then try to click on the plus sign and connect to a mysql database.

Once that is done, try to connect to your database and type in the correct info in the fields but leave the password blank and the database blank. Click select, and you see ALL OF THE DATABASES on the entire system. Not on just one site, ALL SITES.

Any Ideas?

When I click TEST, I get this error

1045, Access denied for user: "theusernamehere@ns.domainhere.com: (using password : YES)

It the username and domain are what yours are, but the password: YES.
It actually says "YES"
YES is not the password, I do not know how that came up either?

any ideas on these errors and security loopholes?

 

 

 

 

Top