HP+Security makes me laugh.
I've seen many security problems in HP products. "HP Storage ESL" comes to mind it has by default a web server running, no login required that allows reboots.
Rapid7 is advising HP SiteScope users to run the tool on Linux rather than Windows servers because of a nasty privilege escalation vulnerability. The agentless monitoring environment that headlines HP's operational management offerings lets authenticated users run commands with system privilege, the security bods explain. The …
"SYSTEM" is not an account. It is a SID, a role, an account type. And that SID, by itself, doesn't work for most network tasks, so whatever account they are using must also include a SID that does have network privileges.
There probably is a good reason why it needs a privilege in Windows which doesn't exist in Linux. It could be anything, and it might not even be a privilege associated with the SYSTEM role: it might be a privilege associated with the other role.
Biting the hand that feeds IT © 1998–2022