If you have used the HPE 3PAR management console (IMC), you will know that the logon prompt has a tick box for ‘Secure Connection’. In this post I will demonstrate why you should not connect without this option selected. This post is specific to the traditional IMC client, which is being deprecated in favour of the SSMC web client. I won’t be covering alternative clients (SSH, web, OneView etc.) in this post, as they aren’t relevant to the point I’m making.
Here we have a screenshot of the logon prompt; as you can see, the ‘Secure Connection’ option is selected.
Let’s open up Wireshark and see what a packet capture reveals. To demonstrate, I’ve created a virtual machine (VM) and an instance of the 3PAR simulator in VMware Workstation. The VMs are communicating on an isolated subnet in Workstation to keep the TCP/IP traffic relevant.
With the ‘Secure Connection’ option enabled we see the 3PAR management client connect and exchange certificate data followed by what looks to be random gibberish. This is of course the encrypted data flowing between the 3PAR and my VM – this is a good thing!
Now if we try a packet capture with the option un-ticked, we see everything is transferred in clear text. You can see the default admin username and password I have connected with (3paradm and 3pardata) as well as the hostname (random, as it’s a Windows VM just spun up now).
As you can see, the unsecured connection reveals a huge amount of information to anyone sniffing on your network. Not only are the username and password for the current connection exposed, but so is all the information the management client pulls back. This includes (at the end) the output from the ‘getuser’ command, which lists all users and their access levels, as well as a list of currently connected users, the hostnames of their machines and their IP addresses.
For an attacker this is really useful information: at this point they have a good idea of the username conventions and who they should be attacking based on access levels, as well as details of the administrators’ host machines.
I really hope this has encouraged you to always keep that little tick box checked. I will say that with it un-ticked a management console connection loads faster; in fact, on a 3PAR training course you were told this would help speed things up when doing lab work. I’m not going to discuss other potential mitigations (IPsec for example) or what you should be doing to protect your network – let’s just end on DO NOT un-tick that box.
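The difference between the two captures can also be checked automatically when auditing management traffic. The sketch below is an added example, not part of the original post or any HPE tool: it labels a session as TLS or clear text from the first bytes the client sends. It assumes the secure mode opens with a standard TLS handshake (the post only says certificate data is exchanged); the function names and sample bytes are constructed for illustration and do not reproduce the IMC wire format.

```python
import struct

TLS_HANDSHAKE = 0x16     # TLS record content type: handshake
CLIENT_HELLO = 0x01      # handshake message type: ClientHello
MAX_RECORD_LEN = 2**14   # maximum plaintext TLS record length


def looks_like_tls_client_hello(payload: bytes) -> bool:
    """True if the payload starts with a plausible TLS ClientHello record."""
    if len(payload) < 6:
        return False
    ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
    return (ctype == TLS_HANDSHAKE and major == 3 and minor <= 4
            and 0 < length <= MAX_RECORD_LEN and payload[5] == CLIENT_HELLO)


def printable_ratio(payload: bytes) -> float:
    """Fraction of bytes that are printable ASCII, tab, CR or LF."""
    if not payload:
        return 0.0
    hits = sum(1 for b in payload if 32 <= b < 127 or b in (9, 10, 13))
    return hits / len(payload)


def classify(first_client_bytes: bytes) -> str:
    """Label a session from the first bytes the client sent."""
    if looks_like_tls_client_hello(first_client_bytes):
        return "tls"
    if printable_ratio(first_client_bytes) >= 0.9:
        return "cleartext"
    return "unknown"


def unencrypted_sessions(sessions: dict) -> list:
    """Return the flow labels whose opening bytes are not a TLS handshake."""
    return sorted(k for k, v in sessions.items() if classify(v) != "tls")


# Constructed sample data: not real IMC traffic and not the IMC wire format.
SAMPLE_SESSIONS = {
    "flow-a": b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x03" + bytes(range(32)),
    "flow-b": b"login user=exampleuser host=WIN-EXAMPLE\r\n",
    "flow-c": b"\x00\x01\x02\xff\xfe binary",
}

if __name__ == "__main__":
    for label, data in SAMPLE_SESSIONS.items():
        print(label, classify(data))
    print("review:", unencrypted_sessions(SAMPLE_SESSIONS))
```

Any management session that lands in the review list is worth tracing back to the client that opened it.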