[2928] in bugtraq
Re: hpux 10.0 remote administration
daemon@ATHENA.MIT.EDU (nate)
Tue Jul 16 01:41:03 1996
Date: Mon, 15 Jul 1996 22:06:42 -0500
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: nate <nate@MILL2.MILLCOMM.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <2.2.32.19960715194024.007043ec@lintjr.cisco.com>
> >sam_exec is still used
>
> >Do you happen to know what password they use for sam_exec ;-)
> >(the concept looks dangerous, I have not had time to really
> >look at it. But I didn't enable it either...)
>
> Yes. there is a default password. Im not sure if
> it has been changed for 10.X, but if you run
> crack on it, you will find it without a question.
> At that point, anyone can pretty much log into your
> machine as sam_exec and hit ctl-c to obtain a
> uid 0 shell.
>
HP's analytical products (PA-RISC 9000 700 series workstations, in my
experience) usually running HP-UX v9.0x also are shipped with some weak
default accounts: csadmin (pw:hp), chemist, user1 - user8. csadmin can
basically do anything on the system.. Designed with a small, private
LAN in mind, HP seems to underestimate security on these machines. I
would imagine that more than a few find there way onto larger networks,
however. I just solve the problem by disabling the accounts, they are
seldom needed after non-networked configuration, if even then.
-Nate Smith <nate@millcomm.com> || http://www.millcomm.com/~nate
