1.1.1 Ensure default password of root is not allowed

Information

To assist users in changing default password for 'root' account

Rationale:

Using Default passwords for 'root' access could cause a compromise to the overall system security

Impact:

Failure of changing default root's password brings high risk to the system as the root account might be abused by unauthorized users who would have full privilege on F5 systems

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

- Log in to the Configuration utility.
- For System, select Platform.
- Under User Administration, choose the Password box for either Root Account or Admin Account.
- Enter the new password.
- Enter the same password in the Confirm box for the account that you chose in step 3.
- Select Update.
- If you have updated the password for Admin Account, the system logs you out of the Configuration
utility, and you must log in again using the new password.

See Also

https://workbench.cisecurity.org/files/3587

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CSCv7|4.2

Plugin: F5

Control ID: 0a25acfff8a90373e70d76c8ec5f19e88565465ae7c55f0a97e7e3ea4931acee