OpenVMS SYSGEN parameter enabled
| openvms-sysgen-enabled (7225) |  Medium Risk |
Description:
Digital OpenVMX VAX could allow an attacker to perform brute force attacks, caused by a vulnerability once the SYSGEN parameter is enabled. An attacker can attempt to perform repeated attacks by attempting to login repeatedly to exceed the SYSGEN parameter during a set interval of the algorithm. This allows an attacker to gain unauthorized access to the system.
Consequences:
Gain Access
Remedy:
Apply the appropriate patch for your system, as listed in CIAC Information Bulletin D-06. See References.
References:
- CIAC Information Bulletin D-06: Failure to disable user accounts for VMS 5.3 to 5.5-2.
- CVE-1999-1324: VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.
- OSVDB ID: 11017: OpenVMS DECwindows/MOTIF User Account Lockout Weakness
Platforms Affected:
- HP OpenVMS VAX 5.3
- HP OpenVMS VAX 5.5.2
Reported:
Feb 13, 1993
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this