User credentials which would allow remote access to the system by the Service Processor must be removed from the storage system.

Description

<VulnDiscussion>Failure to remove the default user accounts associated with remote access from the Service Processor increases the risk of unauthorized access to the 3PAR OS via the product's remote support interface. The Service Processor's authentication methods have not been evaluated and using such mechanisms to permit remote, full control of the system by organizational or non-organizational users represents an increased risk to unauthorized access. The Service Processor can also send system data offsite providing access to system information to non-DoD organizations.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>