ESM 4.1.3 add a user with a hardcoded Password!


L3 Networker

Hi,

 

I have read the following and had to laugh: "Changes to Default Behavior in Traps 4.1.3" :

 

For enhanced security, files in the web-based forensics (BITS upload) folder are no longer accessible to any device except the Endpoint Security Manager (ESM) Server and Console. Now, when you install or upgrade to ESM 4.1.3, the installer creates a user account (TrapsDownloader) and uses that account for accessing files in the BITS folder.

 

I don't think it is enhanced security to add a user named "TrapsDownloader" with a hardcoded password (easy to get), without an easy possibility to change it, and this on a server with an administration tool for a core security product.

 

I only noticed it because on a German OS, the console installer crashes with an error when adding this TrapsDownloader user, because it cannot find the local Users group.

 

What do you think?

 

F.Hufschmid


5 REPLIES 5

L4 Transporter

You can change the password with the DBconfig tool. If you open a case with support they will send you instructions. 

Thank you, are you from PaloAlto support or sw engineer?

 

You agree with me that this change in the documentation should be large, bold and mandatory and should not be requested via support.

Yes and no. Yes, it should be better documented. No, specific information about a password or account that a security product uses, should have some control in the finer details being publicized. Which is why, support should have no issue passing you the information, on how to modify the password. The details of the account and function could use better detailing, in the admin guide.  

 

No, specific information about a password or account that a security product uses, should have some control in the finer details being publicized.

Why not? Every default password from Traps should be in the public documentation, with a requirement to change it. If you search the internet you find it anyway.

Only one good example where PaloAlto has done it:

https://www.paloaltonetworks.com/documentation/41/endpoint/endpoint-admin-guide/administer-the-esm-s...

 

Sorry for saying: all other obfuscation is security by obscurity.

L3 Networker

I found it out; it is analogous to the ninja pw change:

 

C:\Program Files\Palo Alto Networks\Endpoint Security Manager\Server>DBConfig.exe server TrapsDownloaderPassword <YOUR_PASSWORD>

 

thx for the hint

F.Hufschmid
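
An added example, not part of the thread and not Palo Alto Networks tooling: a PowerShell check to run on the ESM server that reports when the Windows password of the TrapsDownloader account was last set and which built-in groups it belongs to. It resolves groups by well-known SID rather than by name, so it also works on a German OS where the Users group is localized; it assumes Windows PowerShell 5.1 with the Microsoft.PowerShell.LocalAccounts module and an elevated session, and the helper name `Test-LocalGroupMembership` is hypothetical.

```powershell
# Added example, not from the thread or from Palo Alto Networks.
# Assumes Windows PowerShell 5.1 (Microsoft.PowerShell.LocalAccounts module),
# run in an elevated session on the ESM server.
$AccountName = 'TrapsDownloader'   # account name quoted in the release note

# Well-known SIDs are identical on every Windows language version, while the
# group display names are localized (for example "Benutzer" on a German OS).
$WellKnownGroups = [ordered]@{
    Users          = 'S-1-5-32-545'
    Administrators = 'S-1-5-32-544'
}

# Hypothetical helper: is the account (by SID) a direct member of the group (by SID)?
function Test-LocalGroupMembership {
    param(
        [Parameter(Mandatory)] [string] $UserSid,
        [Parameter(Mandatory)] [string] $GroupSid
    )
    $members = Get-LocalGroupMember -SID $GroupSid -ErrorAction SilentlyContinue
    return [bool]($members | Where-Object { $_.SID.Value -eq $UserSid })
}

$user = Get-LocalUser -Name $AccountName -ErrorAction SilentlyContinue
if (-not $user) {
    Write-Output "No local account named '$AccountName' on $env:COMPUTERNAME."
}
else {
    $report = [ordered]@{
        Account         = $user.Name
        Enabled         = $user.Enabled
        # Compare this timestamp with the time you ran the password change.
        PasswordLastSet = $user.PasswordLastSet
        PasswordExpires = $user.PasswordExpires
        LastLogon       = $user.LastLogon
    }
    foreach ($entry in $WellKnownGroups.GetEnumerator()) {
        # The localized group name is looked up from the SID, never typed in.
        $group = Get-LocalGroup -SID $entry.Value
        $isMember = Test-LocalGroupMembership -UserSid $user.SID.Value -GroupSid $entry.Value
        $report["MemberOf '$($group.Name)'"] = $isMember
    }
    [pscustomobject]$report
}
```

A `PasswordLastSet` value that still matches the installation time means the Windows account password has not been rotated since the installer created it.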
