An error occurred:

Check: GEN008710

HP-UX 11.23 STIG: GEN008710 (in version v1 r8)

Title

The system boot loader must protect passwords using an MD5 or stronger cryptographic hash. (Cat II impact)

Discussion

If system boot loader passwords are compromised, users with console access to the system may be able to alter the system boot configuration or boot the system into single user or maintenance mode, which could result in Denial of Service or unauthorized privileged access to the system.

Check Content

Check Content: When booting HP-UX, in order to access the Initial System Loader (ISL), the Boot Console Handler (BCH) must be intentionally interrupted. Once interrupted, the console will prompt for ISL access and halt briefly for a reply. If no reply is received, the system will time out and eventually execute the AUTO file. Neither the BCH nor the ISL are password protectable (by vendor design). This check is not applicable (NA) to HP-UX.

Fix Text

Not applicable (NA) to HP-UX.

Additional Identifiers

Rule ID: SV-38415r1_rule

Vulnerability ID: V-24624

Group Title: GEN008710

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000213

The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-3

Access Enforcement