The manufacturer’s default passwords must be changed for all Hardware Management Console (HMC) Management software.

An XCCDF Rule

Description

<VulnDiscussion>The changing of passwords from the HMC default values, blocks malicious users with knowledge of these default passwords, from creating a denial of service or from reconfiguring the HMC topology leading to a compromise of sensitive data. The system administrator will ensure that the manufacturer’s default passwords are changed for all HMC management software.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility>System Administrator</Responsibility><Responsibility>Information Assurance Officer</Responsibility><Responsibility>Information Assurance Manager</Responsibility><Responsibility>Systems Programmer</Responsibility><IAControls>IAIA-1, IAIA-2</IAControls>

ID: SV-30021r2_rule
Severity: High
References: CCI-001989
Updated: about 1 month ago

The System Administrator must logon to the HMC and validate that all Default Passwords have been changed.
	
User ID		Default Password
OPERATOR		PASSWORD
ADVANCED		PASSWORD
SYSPROG		PASSWORDACSADMIN		PASSWORD

Default user IDs and passwords are established as part of a base HMC. The System Administrator must assign new user IDs and passwords for each user and remove the default user IDs as soon as the HMC is installed by using the User Profiles task or the Manage Users Wizard.

Go to task Modify User, select user, select Modify and enter and confirm new password.

The manufacturer’s default passwords must be changed for all Hardware Management Console (HMC) Management software.

Description

Remediation - Manual Procedure