Riverbed NetProfiler Security Technical Implementation Guide
SRG-APP-000080-NDM-000345
An XCCDF Group - A logical subset of the XCCDF Benchmark
1 Rule
The Riverbed NetProfiler must change the default admin credentials so they do not use the default manufacturer passwords when deployed.
High Severity
Vulnerability Discussion: Network devices not protected with strong password schemes provide the opportunity for anyone to crack the password and gain access to the device, which can result in loss of availability, confidentiality, or integrity of network traffic. Many default vendor passwords are well known or easily guessed; therefore, not removing them prior to deploying the network device into production provides an opportunity for a malicious user to gain unauthorized access to the device.

By default, NetProfiler provides a single user account and password: The user name is admin with a weak default password. This user account is assigned the built-in role of Administrator, which provides the admin user account with unrestricted access to all NetProfiler features and data. At a minimum, change the default password to something less obvious and more complex. The default password is provided solely to enable logging in to the system and changing the configuration.

Documentable: false