I wonder what the default passwords are for AR_ESCALATOR, DSO, plugin user, etc. You can see evidence of these accounts in the api logs, user logs, etc. For some of the accounts there is no way to change any aspect of the authentication information. In versions long ago (5.x and earlier?), the Remedy Application Service had a hard coded password that could optionally be configured. It has since been made a requirement to define the password for that account.
On Thu, Jan 30, 2014 at 9:04 AM, Pierson, Shawn < [email protected]> wrote: > Alternatively, you can leave it as a default, remove all permissions, set > a custom homepage form for it in the preferences that automatically > redirects it to a Youtube video of the singing Trololo guy. Obviously they > could still get into other areas of Remedy that have Public access if they > knew how, but this sounds like a more fun solution than getting rid of that > account. > > Thanks, > > Shawn Pierson > Remedy Developer | Energy Transfer > > -----Original Message----- > From: Action Request System discussion list(ARSList) [mailto: > [email protected]] On Behalf Of William Rentfrow > Sent: Thursday, January 30, 2014 8:10 AM > To: [email protected] > Subject: Re: Target Attack and BMC Software ITSM? > > Wait - so you're not supposed to use Demo after you install? ;) > > This does give me enough reason to go back and double check to made sure > those are turned off in all the environments. You can never be too careful. > > -----Original Message----- > From: Action Request System discussion list(ARSList) [mailto: > [email protected]] On Behalf Of Pierson, Shawn > Sent: Thursday, January 30, 2014 7:40 AM > To: [email protected] > Subject: Re: Target Attack and BMC Software ITSM? > > Upon further reading, this is a part of their Bladelogic Automation Suite, > and that BMC has documented how to remove that account once you have it up > and running. I think the Remedy equivalent would be if you installed AR > System and left the Demo account out there as it. > > Thanks, > > Shawn Pierson > Remedy Developer | Energy Transfer > > -----Original Message----- > From: Action Request System discussion list(ARSList) [mailto: > [email protected]] On Behalf Of Jeff Lockemy > Sent: Thursday, January 30, 2014 7:38 AM > To: [email protected] > Subject: Re: Target Attack and BMC Software ITSM? > > Totally... It would be nice if they were a little more specific in the > articles. My stress level went up for a bit. LOL > > -----Original Message----- > From: Action Request System discussion list(ARSList) [mailto: > [email protected]] On Behalf Of Pierson, Shawn > Sent: Thursday, January 30, 2014 8:31 AM > To: [email protected] > Subject: Re: Target Attack and BMC Software ITSM? > > I read the article and clicked on the link to the Krebs on security site. > Based on that site, which may or may not be correct, it's saying that the > potential BMC product is BMC Performance Assurance Agent. Since this isn't > a part of Remedy I really have no idea how it works and if there is a back > door or if it was installed and they forgot to change a default password. > > In any case, it's not Remedy, so that's a good thing. > > Thanks, > > Shawn Pierson > Remedy Developer | Energy Transfer > > -----Original Message----- > From: Action Request System discussion list(ARSList) [mailto: > [email protected]] On Behalf Of Jeff Lockemy > Sent: Thursday, January 30, 2014 7:23 AM > To: [email protected] > Subject: OT: Target Attack and BMC Software ITSM? > > This news article hit today... > > http://www.startribune.com/business/242688511.html > > It says that a default password in a BMC ITSM product may have contributed > to the target attack. > > Jeff > > > > Jeff Lockemy > Lead Engineer, NAVY 311 > Enterprise Service Management PMW-240 > ITIL V3 Foundation Certified > QMX Support Services Inc. > > > ____________________________________________________________________________ > ___ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the > Answers Are, and have been for 20 years" > > Private and confidential as detailed here: > http://www.energytransfer.com/mail_disclaimer.aspx . If you cannot > access the link, please e-mail sender. > > > ____________________________________________________________________________ > ___ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the > Answers Are, and have been for 20 years" > > > _______________________________________________________________________________ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the > Answers Are, and have been for 20 years" > > Private and confidential as detailed here: > http://www.energytransfer.com/mail_disclaimer.aspx . If you cannot > access the link, please e-mail sender. > > > _______________________________________________________________________________ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the > Answers Are, and have been for 20 years" > > ----- > No virus found in this message. > Checked by AVG - www.avg.com > Version: 2014.0.4259 / Virus Database: 3658/7001 - Release Date: 01/14/14 > Internal Virus Database is out of date. > > > _______________________________________________________________________________ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the > Answers Are, and have been for 20 years" > > Private and confidential as detailed here: > http://www.energytransfer.com/mail_disclaimer.aspx . If you cannot > access the link, please e-mail sender. > > > _______________________________________________________________________________ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > "Where the Answers Are, and have been for 20 years" > _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
