How to remediate – Unpassworded ‘mpi’ Account

1. Introduction

The vulnerability ‘Unpassworded ‘mpi’ Account’ refers to a default account on a remote system that has no password set. This allows an attacker who gains access to the system, even with limited privileges, to escalate their permissions. Systems commonly affected include those running software or appliances using this default account for internal management purposes. A successful exploit could lead to complete compromise of confidentiality, integrity and availability.

2. Technical Explanation

The root cause is the use of a default account with an empty password. An attacker can typically log in directly as ‘mpi’ without any credentials required. Exploitation requires network access to the affected system’s login interface. CVE-1999-0502 and CVE-2005-1379 describe this issue across multiple platforms.

  • Root cause: The account ‘mpi’ is created with no password enforced during installation or configuration.
  • Exploit mechanism: An attacker attempts to log in using the username ‘mpi’ and a blank password. If successful, they gain access as that user.

3. Detection and Assessment

  • Quick checks: Attempt login via SSH or the system console using username ‘mpi’ and no password, for example `ssh mpi@<target_ip_address>`.
  • Scanning: Nessus plugin ID 13431 can detect this vulnerability. This is an example only; results may vary.
  • Logs and evidence: Check authentication logs for successful logins by user ‘mpi’ without a password. The exact log file location varies depending on the operating system.

4. Solution / Remediation Steps

To fix this issue, set a strong password for the ‘mpi’ account or disable it if possible. Follow these steps carefully.

4.1 Preparation

  • Ensure you have alternative administrative access to the system in case of issues. Roll back by restoring the snapshot or reverting the password change.
  • A standard change window may be required, with approval from the IT security team.

4.2 Implementation

  1. Change the ‘mpi’ account’s password using the ‘passwd’ command.
  2. Verify the password has been set correctly by attempting to log in with the new credentials.
  3. If the account is not required, disable it using the appropriate system tools (e.g., `usermod -L mpi`).

4.3 Config or Code Example

Before

/etc/shadow:mpi::0:0:99999:7:::

After

/etc/shadow:mpi:$6$rounds=5000$salt$hashed_password:18345:0:99999:7:::

4.4 Security Practices Relevant to This Vulnerability

Several security practices can help prevent this issue. Least privilege reduces the impact of exploitation, while strong password policies enforce secure credentials.

  • Practice 1: Implement least privilege principles to limit the damage an attacker can cause if they compromise an account.
  • Practice 2: Enforce strong password policies that require complex passwords and regular changes.

4.5 Automation (Optional)

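#!/bin/bash
# Script to set a password for the mpi account on multiple systems.
# The host names below are placeholders; replace them with your own list.
hosts=(host1.example.com host2.example.com)
for host in "${hosts[@]}"; do
  # -t allocates a terminal so sudo and passwd can prompt interactively
  ssh -t "$host" "sudo passwd mpi"
done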

5. Verification / Validation

Confirm the fix by attempting to log in with the new password and verifying that access is restricted without it. A smoke test should confirm normal system operation.

  • Post-fix check: Attempt login via SSH using username ‘mpi’ and the newly set password, for example `ssh mpi@<target_ip_address>`. Expected output: successful login.
  • Re-test: Re-run the quick check from section 3, attempting to log in with no password. Expected output: authentication failure.
  • Monitoring: Monitor authentication logs for failed login attempts using username ‘mpi’. This is an example only.

6. Preventive Measures and Monitoring

Update security baselines to include password requirements for default accounts, and add checks in deployment pipelines to prevent unpassworded accounts. Regular patch cycles help address vulnerabilities quickly.

  • Baselines: Update your system hardening baseline or CIS control configuration to require passwords on all default accounts.
  • Pipelines: Add a check during the build process to ensure that no default accounts are created without passwords.
  • Asset and patch process: Implement a regular patch review cycle to address known vulnerabilities, including those related to default accounts.
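
One way to implement the pipeline check described above, as an added example that is not part of the original article: it classifies the password field of every entry in a shadow-format file (the format shown in section 4.3) and fails when any field is blank. The function names and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a shadow-format file for blank password fields.

# classify_shadow FILE -> prints "<account> <state>" for every entry:
#   EMPTY  = blank password field (the 'Before' line in section 4.3)
#   LOCKED = field starts with '!' or '*', so password login is disabled
#   HASHED = field holds a password hash (the 'After' line)
classify_shadow() {
  awk -F: '
    NF == 0 || /^#/ { next }
    NF < 2          { print $1, "MALFORMED"; next }
    $2 == ""        { print $1, "EMPTY"; next }
    $2 ~ /^[!*]/    { print $1, "LOCKED"; next }
                    { print $1, "HASHED" }
  ' "$1"
}

# empty_password_accounts FILE -> names of accounts with a blank field.
empty_password_accounts() {
  classify_shadow "$1" | awk '$2 == "EMPTY" { print $1 }'
}

# audit_shadow FILE -> returns 1 if any account is unpassworded (pipeline gate).
audit_shadow() {
  offenders=$(empty_password_accounts "$1")
  if [ -n "$offenders" ]; then
    echo "unpassworded accounts: $offenders" >&2
    return 1
  fi
}

# Constructed sample entries (not from a real system).
make_sample() {
  cat <<'EOF'
root:$6$rounds=5000$salt$hashed_password:18345:0:99999:7:::
daemon:*:18345:0:99999:7:::
mpi::0:0:99999:7:::
svc:!:18345:0:99999:7:::
EOF
}

# Demo on the constructed sample; on a real host, point it at /etc/shadow as root.
sample=$(mktemp) && make_sample > "$sample"
classify_shadow "$sample"
audit_shadow "$sample" || echo "gate failed: blank password present"
rm -f "$sample"
```

Because `audit_shadow` returns a non-zero status when a blank field is found, it can be used directly as a failing step in an image build or deployment job.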

7. Risks, Side Effects, and Roll Back

Changing or disabling the ‘mpi’ account may impact services that rely on it. Restore from snapshot if issues occur.

8. References and Resources

  • Vendor advisory or bulletin: Not available in provided context.
  • NVD or CVE entry: CVE-1999-0502, CVE-2005-1379
  • Product or platform documentation relevant to the fix: Not available in provided context.
Updated on October 26, 2025
