CVE-2007-3232

Name of the Vulnerable Software and Affected Versions: IBM TotalStorage DS400 with firmware 4.15

Description: The issue concerns the use of blank passwords for multiple accounts, including root, user, manager, administrator, and operator. This allows remote attackers to gain login access through certain Linux daemons. Specifically, a telnet daemon is accessible on a nonstandard port, tcp/6000.

Recommendations: For IBM TotalStorage DS400 with firmware 4.15, change the passwords for the root, user, manager, administrator, and operator accounts to secure ones to prevent unauthorized access. As a temporary workaround, consider disabling the telnet daemon on port tcp/6000 until a more secure configuration can be implemented. Restrict access to the device to minimize the risk of exploitation.