Bugtraq: Re: hpux 10.0 remote administration

[nate () MILL2 MILLCOMM COM (nate)]

> > sam_exec is still used
> > Do you happen to know what password they use for sam_exec ;-)
> > (the concept looks dangerous, I have not had time to really
> > look at it. But I didn't enable it either...)
> Yes. there is a default password. Im not sure if
> it has been changed for 10.X, but if you run
> crack on it, you will find it without a question.
> At that point, anyone can pretty much log into your
> machine as sam_exec and hit ctl-c to obtain a
> uid 0 shell.
HP's analytical products (PA-RISC 9000 700 series workstations, in my
experience) usually running HP-UX v9.0x also are shipped with some weak
default accounts:  csadmin (pw:hp), chemist, user1 - user8.  csadmin can
basically do anything on the system..   Designed with a small, private
LAN in mind, HP seems to underestimate security on these machines.  I
would imagine that more than a few find there way onto larger networks,
however.  I just solve the problem by disabling the accounts, they are
seldom needed after non-networked configuration, if even then.

-Nate Smith <nate () millcomm com> || http://www.millcomm.com/~nate