# 1362 Security Hole in Server Permits Login with a Blank User Name and Password

---

There is a security hole in the administration session of the Database Server. I can get full administrative access without a username and password.

I found it while using a personal firewall on client side (Windows XP), which blocks SrvAdmin for some seconds. See screenshoot srvadmin1.gif: when Kerio Personal Firewall shows its window, SrvAdmin blocks after some seconds (its menu bar becomes white). Then I permit the connection. SrvAdmin is reactivated, but the login window isn't shown. Then I can click on "Login to Server" again and get instant access to the server without asking for username and password! If I move the SrvAdmin window to the side, I will see the login window behind.

In the Logfile I found, that there is no Admin login for this session. But if I close Srvadmin, then there is a Admin logout with empty username.