Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
zOS Websphere Application Server for RACF STIG
ZWAS0040
Vendor-supplied user accounts for the WebSphere Application Server must be defined to the ACP.
Vendor-supplied user accounts for the WebSphere Application Server must be defined to the ACP.
An XCCDF Rule
Details
Profiles
Prose
Vendor-supplied user accounts for the WebSphere Application Server must be defined to the ACP.
High Severity
<VulnDiscussion>Vendor-supplied user accounts are defined to the ACP with factory-set passwords during the installation of the WebSphere Application Server (WAS). These user accounts are common to all WAS environments and have access to restricted resources and functions. Failure to delete vendor-supplied user accounts from the ACP may lead to unauthorized access. This exposure could compromise the integrity and availability of system services, applications, and customer data.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance>IAO will ensure that CBADMIN user password is changed from default.</SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility>Information Assurance Officer</Responsibility><IAControls></IAControls>