[Original text] BMC Patrol component, when installed with Compaq Insight Management Agent 4.23 and earlier, or Management Agents for Servers 4.40 and earlier, creates a PFCUser account with a default password and potentially dangerous privileges.
[CNNVD] Compaq Insight Management Agent or Management Agents for Servers PFCUser Account Creation Vulnerability (CNNVD-199912-111)
Compaq Insight Agent with BMC PATROL PFCUser Default Account
Remote / Network Access
Local / Remote
Loss of Integrity
By default, the Compaq BMC component installs with a default password. The "PFCUser" account has a password of "240653C9467E45", which is publicly known and documented. This allows attackers to trivially access the program or system.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):
1. Log in as Administrator
2. Start a DOS Command Prompt Window
3. Change directory to %PFC_HOME% (CD /Winnt/System32/pfc)
4. Run the pfimuser program to change the password (Type pfimuser)
5. Type Username when prompted (PFCUser)
6. Type new password when prompted
7. Verify new password when prompted