Title

The manufacturer’s default passwords have not been changed for all SAN management software. (Cat I impact)

Discussion

The changing of passwords from the default value blocks malicious users with knowledge of the default passwords for the manufacturer's SAN Management software from creating a denial of service by disrupting the SAN or reconfigure the SAN topology leading to a compromise of sensitive data. The IAO/NSO will ensure that the manufacturer’s default passwords are changed for all SAN management software.

Check Content

The reviewer will, with the assistance of the IAO/NSO, verify that the manufacturer’s default passwords have been changed for all SAN management software.

Fix Text

Develop a plan to change manufacturer’s default passwords for all SAN management software. Obtain CM approval of the plan and implement the plan.

Additional Identifiers

Rule ID: SV-6792r1_rule

Vulnerability ID: V-6646

Group Title: Default SAN Management Software Password

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.