Vulnerability DB2 Affected IBM DB2 for winnt(v6.1) IBM DB2 for linux(v6.1) Description Ben Jurry found following. The DB2 Universal Database builds upon the stability and performance of DB2 on the mainframe and provides the features required in a distributed database product. DB2 Universal Database (UDB) is IBM's relational database server solution for the UNIX, OS/2 and Windows NT/2000 operating environments. And More than 70% of the world's major companies rely on DB2 to manage their mission-critical business applications. During the installation of IBM DB2 V6.1 there is no prompt to the admin user to change the default passwords, leaving the possiblity for a user to gain access to the database and even the system. Under winnt/win2k,the account named db2admin,the default password is db2admin. Under linux the accounts named db2inst1, db2as, db2fenc1, and the default password is ibmdb2. Successful exploitation of this vulnerability could enable a user access the data and system. Solution Change the default account and password. I believe this is what manual says as well.