The HP FlexFabric Switch must have a local account that will only be used as an account of last resort with full access to the network device.

From HP FlexFabric Switch NDM Security Technical Implementation Guide

Part of SRG-APP-000516-NDM-000341

Associated with: CCI-000366

SV-80785r1_rule The HP FlexFabric Switch must have a local account that will only be used as an account of last resort with full access to the network device.

Vulnerability discussion

In the event the network device loses connectivity to the management network authentication service, only a local account can gain access to the switch to perform configuration and maintenance. Without this capability, the network device is inaccessible to administrators.

Check content

Verify that the switch is configured with a local user that has full access by entering the following command:

    display local-user user-name

The user role list should contain the following: network-admin, network-operator

If the switch does not have a local user with full access, this is a finding.
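One way to automate this check over captured command output, as an added example that is not part of the STIG or HP's documentation. The layout of SAMPLE_OUTPUT is constructed and assumed (only the "user role list" field and the two role names come from the check text), and all function names are hypothetical.

```python
import re

# Roles the check text requires on the account of last resort.
REQUIRED_ROLES = {"network-admin", "network-operator"}

# Constructed sample of captured "display local-user" output (assumed layout).
SAMPLE_OUTPUT = """\
Device management user adminxxx:
  State:                     Active
  Service type:              Terminal
  Authorization attributes:
    User role list:          network-admin, network-operator
Device management user monitor1:
  State:                     Active
  Service type:              SSH
  Authorization attributes:
    User role list:          network-operator
"""

def parse_user_roles(text):
    """Return {user: set_of_roles} from captured output."""
    users, current = {}, None
    for line in text.splitlines():
        header = re.match(r"\s*Device management user\s+(\S+?):\s*$", line)
        if header:
            current = users.setdefault(header.group(1), set())
            continue
        key, sep, value = line.partition(":")
        if current is None or not sep:
            continue
        if key.strip().lower() == "user role list":
            current |= {r.lower() for r in re.split(r"[,\s]+", value) if r}
    return users

def role_gaps(text):
    """Map each local user to the required roles it is missing."""
    return {u: sorted(REQUIRED_ROLES - r) for u, r in parse_user_roles(text).items()}

def last_resort_accounts(text):
    """Users holding every required role (the check's pass condition)."""
    return sorted(u for u, gaps in role_gaps(text).items() if not gaps)

def is_finding(text):
    """True when no local user has full access, i.e. the rule is a finding."""
    return not last_resort_accounts(text)

if __name__ == "__main__":
    print("finding" if is_finding(SAMPLE_OUTPUT) else "not a finding", role_gaps(SAMPLE_OUTPUT))
```

Empty or unparseable output is reported as a finding, so a failed capture never passes silently.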

Fix text

Configure the switch with a local user account that has the network-admin and network-operator roles.

    [5900]local-user adminxxx
    [5900-luser-manage-adminxxx]authorization-attribute user-role network-admin (or level=15)
    [5900-luser-manage-adminxxx]authorization-attribute user-role network-operator
    [5900-luser-manage-adminxxx]service-type terminal
    [5900-luser-manage-adminxxx]password hash xxxxxxxxxxxxxx
