|
|
|
|
| |
Credit:
The original article can be found at: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02712670
|
| |
Vulnerable Systems:
* HP StorageWorks X9000 Network Storage Systems all 5.4 versions
HP StorageWorks X9000 Network Storage System Contains a potential security vulnerability, which has been identified with HP StorageWorks X9000 Network Storage Systems. This vulnerability could be exploited to allow remote unauthenticated access to the accounts with expired passwords.
Workaround:
The vulnerability can be avoided by using the following procedure.
1. Explicitly disable the local Administrator account.
2. Explicitly disable any lsassd local-provider accounts that are not in use.
For example, to disable the Administrator account:
$ lw-mod-user --disable-user "MACHINE\Administrator"
where MACHINE is hostname of the local system.
The following command can be used to verify that the account has been disabled.
$ lw-find-user-by-name --level 2 "MACHINE\Administrator"
The command should return:
Account disabled (or locked): TRUE
CVE Information:
CVE-2010-0833
Disclosure Timeline:
Release Date: 2011-02-07
Last Updated: 2011-02-07
|
|
|
|
|
