| VID |
22232 |
| Severity |
40 |
| Port |
1381 |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Compaq Web-based Management Agent is configured with the default password. The Agent on the host may be configured with one of the default user name and password combinations below:
- administrator / administrator
- operator / operator
- user / user
If the default password is not changed, the Agent is open to unauthorized access by any user, who can then view sensitive system information and reboot the affected system. Furthermore, if an SNMP Agent is configured on the affected system, it may disclose the SNMP community strings in use, allowing an attacker to set device configuration if the 'write' community string is uncovered.
To manually test for this misconfiguration, you can log in to the Compaq web server via a Web browser. The default SSL port is 2381. A typical query would look like: https://[compaq host]:2381/ . You would then enter each user name and password combination above in order.
* Platforms Affected: Compaq Web-Enabled Management, any version |
| Recommendation |
Change all passwords for Compaq Web-based Management Agent accounts to something difficult to guess.
-- OR --
As a further precaution, use the 'IP Restricted Logins' setting to allow only authorized IP addresses to manage this Agent. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|