[12823] in bugtraq
Re: HP Secure Web Console
daemon@ATHENA.MIT.EDU (Mark Gross DSO)
Thu Dec 2 15:09:04 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-Id: <6B4DD00F9C1AD3118A0B0090271ED61703D6C0@sac-nts-msgx04.delta.org>
Date: Wed, 1 Dec 1999 11:38:24 -0800
Reply-To: Mark Gross DSO <MGross@DELTA.ORG>
From: Mark Gross DSO <MGross@DELTA.ORG>
X-To: "BUGTRAQ@SECURITYFOCUS.COM" <BUGTRAQ@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
> -----Original Message-----
> From: Jon Mitchell [mailto:jrm@FREEDOM.SWC.COM]
> Sent: Wednesday, December 01, 1999 7:06 AM
> To: BUGTRAQ@SECURITYFOCUS.COM
> Subject: HP Secure Web Console
>
>
> The Secure Web Console is a device that looks (and acts) like
> a JetDirect
> printserver. It has one ethernet port and one serial port. The idea
> behind it is that you can connect your console cable from your HP9000
> machine to this device and put it on the network. This way you can
> connect to your HP9000's via a web browser so remote access
> to the console
> is easy. Since this is actual console access you could potentially do
> upgrades or reboots into single user mode safely from this
> device without
> being onsite.
>
> The problem with this device is the word Secure in the name.
> This implies that this device is providing secure access from the network.
The
> information on this devices web site http://www.hp.com/go/webconsole
> states that it currently uses MD5 user digest as the
> encryption scheme and
There is an even more gaping security hole in HP's SWC product.
It is possible to create multiple user accounts on the web console
device and there are two types of accounts: Administrator and
Operator. Furthermore, it is also possible for multiple users
to be connected to this device concurrently. The initial user
connection gets read/write access to the console, and any
subsequent connections get read-only access. One would think
that operator accounts would have limited privileges, but this
is not the case. Operators can do anything to the SWC device
that administrators can do (reboot the device, etc.)
We were considering implementing these devices on
some of our remote HP9000 servers, so we were testing a SWC in
our lab. We found that an operator can reboot the console
while any other users are connected (including root). As would
happen with a regular console device, any logins remain
active. So whoever reconnects first to the SWC captures the
active session (which in our testing allowed an operator
to hijack root's session). What's worse, if the server is
in Service mode, anyone who has an account on the SWC
(administrators AND operators) can perform CTRL+B and reboot
the server.
Any HP system administrators who consider implementing this
ill-conceived piece of equipmement do so at their own risk...
