Code: p79

Severity: Critical


Description: A hidden community string is hard-coded into the HP Openview 4.x and 5.x management Agent. This community string has read-write access to the Agent configuration.

Impact: A hidden SNMP community string exists in HP OpenView that can allow unauthorized access to HP portions of the MIB tree. Attackers can use this hidden community to gain information otherwise reserved for authorized users. Attackers can also use the community to manipulate and/or disable HP OpenView.

Corrective: Obtain fix from Hewlett Packard. Disable HP OpenView Management Agent.