No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Scan Software Detecting Weak Password

Publication Date:  2013-07-04 Views:  90 Downloads:  4
Issue Description
The scan software, when scanning the storage array, detects a security risk of weak password.
The scan software detects that the storage array has a weak password.
Alarm Information
None
Handling Process
Change the password of user root to Admin@storage. The following is the detailed procedure. The attachment contains scripts for modifying the password of the S3900 (applicable to 2 U controller enclosure) and S5900 (applicable to 4 U controller enclosure). The S3900 is used as an example.
1. Modify the list_3900 file. Fill in the information of the S3900 that you want to change the password by referring to the attachment. You must enter the IP address of the management network port.
2. Copy the three files to a Linux host that can access the S3900.
3. Log in to the Linux host and go to the directory the files reside. Run the chmod +x S3900.* command.
4. Run the ./S3900.sh Command.
5. Delete the three files.

Log in to the storage array using the PuTTY. Enter the user name root and password 123456. You are prompted that the password is wrong.
Enter the password Admin@storage. The PuTTY logs out or the link is down because the system denies user root by default.
Scan for the weak password using the scan software. If no weak password is detected, the problem is resolved.
Root Cause
The storage device has a root account whose password is 123456. Actually, this account is banned (only an admin user is provided). The scan software detects that this password is too simple and reports the weak password alarm.
The weak password vulnerability is detected for V100R002C00SPC009 and earlier versions.
Suggestions
None

END