FTP: IRIX Default Account Access Attempt

This signature detects attempts to log in to an IRIX 6.2 account that has no password by default. Accounts that are not configured with passwords by default are: root, lp, nuucp, EZsetup, demos, OutOfBox, guest, and 4dgifts.

Extended Description

An attacker who discovers an IRIX host having passwordless default accounts enabled may be able to log in to the accounts, without a password, via Telnet or FTP. The command shell and file transfer access provided by these default accounts may allow the attacker to conduct additional penetration attempts against the affected host.

References

CVE: CVE-2006-6563

URL: http://www.blacksheepnetworks.com/security/resources/IRIX_65.html http://www.nmrc.org/pub/faq/hackfaq/hackfaq-27.html http://www.faqs.org/faqs/sgi/faq/security/section-3.html

Short Name

FTP:USER:IRIX-DEF-ACCT

Severity

Warning

Recommended

False

Recommended Action

None

FTP: IRIX Default Account Access Attempt

Extended Description

References

Found a potential security threat?