Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against HP OpenView Operations Agent Blank 'opc_op' Password Vulnerability

Subscribe

Check Point Reference: CPAI-2010-128
Date Published:
Severity:
Source: Bugtraq ID: 38150
Industry Reference(s): CVE-2010-0444
Protection Provided by: IPS-1
  • IPS-1
  • IPS-1 NGX R65
Who is Vulnerable?
HP Operations Agent 8.51, 8.52, 8.53, 8.60
Vulnerability Description
A vulnerability has been reported in HP OpenView Operations Agent. the vulnerability can be exploited by a remote attacker to gain access to the target system and completely compromise an affected system.
Update/Patch Available
The vendor has released a patch.
Vulnerability Details
TThe vulnerability is due to an access control weakness which permits the creation of an opc_op account without a password. A remote attacker can exploit this issue to completely compromise an affected system.

Protection Overview
The protection will block attempts to login by the opc_op account on an HP Operations Agent.

To configure the defense, select your product from the list below and follow the related protection steps.

IPS-1 & IPS-1 NGX R65

How Can I Protect My Network?
1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Application Intelligence > Authentication, and select the Authentication Back End protection group.
3. Click Bad User List (IPS-1 NGX R65 only).
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?
Upon attack, the following entries will be logged:

Alert Name: Authentication
Description: Bad User List