Hello,
How do you feel about the password reset feature in WithSecure Policy Manager Server and Console? It's openly documented in the manual and leaves H2DB contents intact, which I feel is a security risk.
WithSecure Support says to use Reset Tool on PM, user must first log into server OS as administrator, which is one of the security measures. I have two objections to that line of thought:
- In case of a user privilege elevation exploit in the OS, Joe Insidejob or Hacker Harry could promote themselves to full Windows / Linux admin and run the Reset Tool, thereby also becoming PMC admins. They could then turn off or uninstall anti-virus protection on thousands of clients, even if they couldn't do that directly on the individual endpoints due to uninstall password protection.
- PMC now has a feature to create minor admins for various sub-branches of a policy domain and those accounts can only see and configure those endpoints within their tree. It's likely those people have admin rights in OS (at least on the Windows Server platform...) In case of a contingency, PMC minor admins may feel informal pressure to become full PM admin by running the pwd reset tool, for example to be able to take new install package versions into use. Thereby user violates written corporate guidelines and possibly puts the company into hot water with auditors / regulators.
Thanks for your attention! Sincerely: Tamas Feher, Hungary.
