Title

The HYCU virtual appliance must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable. (Cat II impact)

Discussion

Authentication for administrative (privileged level) access to the device is required at all times. An account can be created on the device's local database for use when the authentication server is down or connectivity between the device and the authentication server is not operable. This account is referred to as the account of last resort since it is intended to be used as a last resort and when immediate administrative access is absolutely necessary.

Check Content

Log in to HYCU UI and ensure that admin user is the only user configured with HYCU Authentication type. If any other user except for built-in admin is configured with HYCU Authentication type, this is a finding. Log in to HYCU console, run the command "cat /etc/passwd" within the HYCU console and ensure no nondefault user account configured. If any other user apart from HYCU user is configured to access HYCU console, this is a finding.

Fix Text

Log in to the HYCU Web UI, select Self-Service on the left menu. Then select Manage Users. Delete all users configured with HYCU Authentication type except from the built-in admin user. To check for any unauthorized users on the VM Console, run the following command: cat /etc/passwd Use the "userdel" command to remove any unauthorized users.

Additional Identifiers

Rule ID: SV-268274r1038763_rule

Vulnerability ID: V-268274

Group Title: SRG-APP-000148-NDM-000346

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.