CVE-2005-4145
published 2005-12-10


Priority: P348 · medium · 6.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 43.92% (98.6th percentile)
The MSDE version of Lyris ListManager 5.0 through 8.9b configures the sa account in the database to use a password with a small search space ("lyris" and up to 5 digits, possibly from the process ID), which allows remote attackers to gain access via a brute force attack.

Affected

5 ranges
Vendor | Product | Version range | Fixed in
lyris_technologies_inc | listmanager | |
lyris_technologies_inc | listmanager | |
lyris_technologies_inc | listmanager | |
lyris_technologies_inc | listmanager | |
lyris_technologies_inc | listmanager | |

Detection & IOCs (extracted from sources)

other: sa:lminstall
other: sa:lyris[1-65535]
port: 1433
  • Detect rapid sequential MSSQL authentication attempts for the 'sa' account using passwords matching the pattern 'lyris' followed by 1–65535 (process ID brute force).
  • Alert on successful MSSQL 'sa' login using the password 'lminstall', which is the transient installation-phase credential.
  • Monitor for MSSQL xp_cmdshell or binary upload/execution activity following 'sa' authentication, as the exploit uploads and executes a payload after successful login.
  • High-volume sequential failed MSSQL login attempts (increments of 1000 logged by the module) against the 'sa' account from a single source IP should trigger a brute-force alert.
  • The Metasploit module is explicitly set to NOT auto-run (autofilter returns false) due to risk of account lockout on SQL Server 2005 targets; brute-force use may lock out the 'sa' account.
  • Newer Lyris ListManager installations may use a randomly generated suffix (e.g., 'lyris629dAe536F') instead of a numeric PID, making the numeric brute-force ineffective but requiring broader password pattern coverage.
  • The vulnerability affects only the MSDE (Microsoft SQL Server Desktop Engine) variant of Lyris ListManager versions 5.0 through 8.9b; non-MSDE installs are not affected.