'(I) UPDATE - PFCUser Account,'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ntbugtraq
Subject:    (I) UPDATE - PFCUser Account,
From:       "Boren, Rich" <Rich.Boren () COMPAQ ! COM>
Date:       1999-09-15 12:41:20
[Download RAW message or body]

> Update: CASE ID SSRT0620                                 15 SEP 1999
>                Orig. Post 04 SEP 1999
>
        RE: Potential Security Vulnerability with PFCUser Account
> in Compaq Management Agents for Servers for Microsoft Windows NT.
>
> Source: Compaq Computer Corporation
>               Software Security Response Team
>
> Compaq continues to take a serious approach to quality and security
> in all of its software products, and strives to address issues, provide
> solutions and communicate them in a timely and responsible manner.
> This communication is to respond to some concerns that have been
> raised recently with the creation of the PFCUser account during an
> install of the Compaq Management Agents for Windows NT.
>
> Issues
>
> 1.  Vulnerability of the PFCUser account due to automatic creation of
> password
> 2.  The user is not notified that the PFCUser account is being created
> 3.  The level of rights assigned to the account
> 4.  The uncertainty of uninstall removing the user account
>
> Recommended action
>
> To promptly alleviate concerns regarding the vulnerability of the account,
>
> Compaq recommended to customers to change the password.
> Instructions on how to do this are provided in the bulletin titled
> 'PFCUser account Vulnerability in the Compaq Management
> Agents for Servers for Windows NT'.
> (available at ) http://www.compaq.com/sysmanage
>
> Changes being implemented in v4.40B
>
> Like many other Windows NT applications, the Windows NT
> Management component of the Compaq Management Agents
> also requires a user account to interact with the operating system
> to gather detailed OS level information.
> A summary of the changes in the updated release is as follows
>
> 1.    The automatic creation of the user account and automatic
> generation of the password will be discontinued
>
> 2.    A dialog box will notify the user that an account is required
> for the Windows NT Management component, and prompt the
> user to create an account and password.
>
> 3.    The privileges associated with the user account have been
> changed, and the only user right retained is to allow the account
> to logon locally.
>
> 4.    There were some issues with removal of the PFCUser account
> during uninstall of versions 4.20D and 4.22 of the Compaq Management
> Agents. The issues were fixed in version 4.23.
>
> The Compaq Foundation Agents v4.40B will be available as
> a SoftPAQ (SP 10629) at http://www.compaq.com/sysmanage by the
> last week of September. Further details of changes being made in this
> release are available at this site.
>
> _____________________________________________________
> (c) Copyright  1999 Compaq Computer Corporation.
> All Rights Reserved.   Unpublished Rights
> Reserved Under The Copyright Laws Of The United States.
> _____________________________________________________
>
>

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic