The system boot loader must protect passwords using an MD5 or stronger cryptographic hash.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-24624	GEN008710	SV-38415r1_rule	IAIA-1 IAIA-2	Medium

Description
If system boot loader passwords are compromised, users with console access to the system may be able to alter the system boot configuration or boot the system into single user or maintenance mode, which could result in Denial of Service or unauthorized privileged access to the system.

STIG	Date
HP-UX 11.23 Security Technical Implementation Guide	2015-06-12

Details

Check Text ( C-36800r1_chk )
Check Content: When booting HP-UX, in order to access the Initial System Loader (ISL), the Boot Console Handler (BCH) must be intentionally interrupted. Once interrupted, the console will prompt for ISL access and halt briefly for a reply. If no reply is received, the system will time out and eventually execute the AUTO file. Neither the BCH nor the ISL are password protectable (by vendor design). This check is not applicable (NA) to HP-UX.

Check Text ( C-36800r1_chk )

Check Content:
When booting HP-UX, in order to access the Initial System Loader (ISL), the Boot Console Handler (BCH) must be intentionally interrupted. Once interrupted, the console will prompt for ISL access and halt briefly for a reply. If no reply is received, the system will time out and eventually execute the AUTO file. Neither the BCH nor the ISL are password protectable (by vendor design).

This check is not applicable (NA) to HP-UX.

Fix Text (F-32177r1_fix)
Not applicable (NA) to HP-UX.