Novell is now a part of Micro Focus

Securing the Compaq Management Agents

Articles and Tips: qna

01 Feb 2001


Q.

Dear Ab-end: The default installation of the Compaq Management Agents allows anonymous access via port 2301 over HTTP to the SYS:SYSTEM\AUTOEXEC.NCF and SYS:ETC\NETINFO.CFG. These files may contain the remote console password, in addition to others such as the SNMP Control Community password. The passwords are stored in plain text in these files and can be obtained by connecting to http://target:2301/survey. Successful retrieval of the passwords may allow a malicious user to gain full administrative control over the Management Agents. How can I secure the Compaq Management Agents?

Feeling Insecure in Illinois

A.

Dear Insecure: I checked with Compaq on this. Here is their response: "First, this only allows you to see the RCONSOLE password or SNMP info (community strings) not any administrator passwords (unless they are in theses files). So, what does that mean? You should not put the automatic passwords in the RCONSOLE line and even if they can get to your SNMP stuff, all they can do is clear out information in the logs and set thresholds! You still have to enable remote reboot or power off to do those and the Remote Insight Board Lights Out Edition card has its own separate password and user file that they can not see without being able to know that information, so they cannot power that off either!

"As for locking this down, one way is to not load the SURVEY.NLM file, if it isn't running, then the security breach you talked about doesn't work. It's not the agents that's the issue, it's Survey and you can run it manually until we set some sort of password protection on it. If they don't load SURVEY.NLM in a continuous fashion, this resolves the problem (that is what their sample HTML link is doing: loading Survey into the browser to view). Survey does indeed retrieve a VIEW of the AUTOEXEC and STARTUP.NCF files, but you can't do anything with them (such as edit or change or delete), since they would be a big part of any problem resolution activities."

To summarize: There is an issue that allows for the viewing of .NCF files and the NETINFO.CFG file. According to Compaq, tell customers not to load SURVEY.NLM automatically until Compaq has a fix. (Answer supplied by Bill Roberts, Novell MCNE and area SE Manager for Compaq in Indianapolis, and Cyle Dibble of Novell)

* Originally published in Novell AppNotes

Disclaimer

The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.

© Copyright Micro Focus or one of its affiliates