GEN:SID | 1:710 |
Message | TELNET EZsetup account attempt |
Summary | This event is generated after an attempted login to a telnet server using the username OutOfBox.
|
Impact | Unauthorized remote access.
|
Detailed Information | Some SGI machines are shipped with a group of easy-setup scripts to assist the user when setting up the host. This group of programs is called EZsetup and may install some passwordless default accounts on the machine.
This event is generated when an attempt is made to log in to a server using the username OutOfBox via Telnet. This is a default account on some SGI-based machines. The password may also be OutOfBox, or the account may have no password assigned.
Repeated events from this rule may indicate a determined effort to guess the password for this account.
|
Affected Systems | SGI Telnet servers.
|
Attack Scenarios | An attacker may attempt to connect to a telnet server using the username OutOfBox.
|
Ease of Attack | Simple
|
Corrective Action | Disable the OutOfBox account.
Choose the most secure options when using EZsetup.
Use ssh as an alternative to Telnet.
Block inbound telnet access if it is not required.
|
Additional References | |
Rule References | cve: 1999-0501
nessus: 11244
|
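Added example (not part of the original rule documentation): a triage script for the case noted under Detailed Information, where repeated events from this rule may indicate password guessing against the OutOfBox account. It assumes Snort's "fast" alert line format and that the alert's source address is the connecting client; the function name, threshold, revision number and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Snort "fast" alert line (assumed format):
#   timestamp [**] [gid:sid:rev] message [**] ... {TCP} src:port -> dst:port
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):\d+\].*?"
    r"\{TCP\}\s+(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):\d+"
)

def repeated_ezsetup_attempts(lines, threshold=3):
    """Return {(src, dst): count} for client/server pairs that raised
    GID 1 / SID 710 at least `threshold` times (threshold is hypothetical)."""
    counts = Counter()
    for line in lines:
        m = ALERT_RE.search(line)
        # Keep only this rule's alerts; ignore unparsable lines and other SIDs.
        if m and (m["gid"], m["sid"]) == ("1", "710"):
            counts[(m["src"], m["dst"])] += 1
    return {pair: n for pair, n in counts.items() if n >= threshold}

# Constructed sample alerts (documentation address ranges, made-up rev "1").
SAMPLE = [
    "08/15-12:00:01.000001  [**] [1:710:1] TELNET EZsetup account attempt [**] "
    "{TCP} 192.0.2.10:40001 -> 198.51.100.5:23",
    "08/15-12:00:09.000001  [**] [1:710:1] TELNET EZsetup account attempt [**] "
    "{TCP} 192.0.2.10:40002 -> 198.51.100.5:23",
    "08/15-12:00:17.000001  [**] [1:710:1] TELNET EZsetup account attempt [**] "
    "{TCP} 192.0.2.10:40003 -> 198.51.100.5:23",
    # A single attempt from another client: below the threshold.
    "08/15-12:03:44.000001  [**] [1:710:1] TELNET EZsetup account attempt [**] "
    "{TCP} 203.0.113.7:51000 -> 198.51.100.5:23",
    # An unrelated, constructed local rule: must not be counted.
    "08/15-12:04:02.000001  [**] [1:1000001:1] constructed unrelated alert [**] "
    "{TCP} 192.0.2.10:40004 -> 198.51.100.5:23",
]

if __name__ == "__main__":
    for (src, dst), n in repeated_ezsetup_attempts(SAMPLE).items():
        print(f"{src} -> {dst}: {n} OutOfBox login attempts")
```

Any pair it reports is a candidate for the corrective actions above, starting with confirming that the OutOfBox account is disabled on the destination host.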