logo
DATABASE RESOURCES PRICING ABOUT US

HP OpenView Performance Insight Server Backdoor Account

Description

Nessus was able to log into the remote HP OpenView Performance Insight system using a hidden account. The 'hch908v' user, hard-coded in the 'com.trinagy.security.XMLUserManager' class, is hidden and has administrative privileges. A remote attacker could exploit this by logging in as the hidden user and gain administrative access to the Performance Insight installation. After gaining administrative access to the web application, escalation of privileges may be possible. Nessus has not checked for that issue.


Related