HP OpenView Performance Insight Server Backdoor Account
High Nessus Network Monitor Plugin ID 5754
Synopsis
The remote host contains a web application that has a hidden account.
Description
The installation of HP OpenView Performance Insight on the remote host allows the use of a hidden account for logging in. The 'hch908v' user, hardcoded in the com.trinagy.security.XMLUserManager class, is hidden and has administrative privileges. A remote, unauthenticated attacker could exploit this by logging in as the hidden user, giving them administrative access to the Performance Insight installation. After gaining administrative access to the web application, escalation of privileges may be possible.
Solution
Apply the hotfix referenced in the HP advisory.