1. Disable the password mode of authentication in the Remote Management policy if it is not being used. The property is disabled by default in the policy.
2. Distribute a common password via NAL or TED only in a trusted environment.

The following conditions must be fulfilled for the hacker to carry out the attack:

1. Both managed devices (the local device and the target device) must be configured with the same password. Note: This may be common when a password is distributed to managed devices via NAL in the case of ZDM 7.x and ZfD 4.x, and via TED in the case of ZSM 7.x and ZfS 3.x.
2. The hacker must have access to a managed device configured with the Remote Management password.
3. The hacker must have knowledge of the protocol used for Remote Management password authentication.

1. A hacker cannot reuse the Remote Management password on a managed workstation to authenticate into a remote session on a managed server, and vice versa.
2. A hacker cannot exploit the vulnerability when the password mode of authentication is disabled on the target managed device.
3. A hacker cannot exploit the vulnerability when the passwords on the local and target managed devices do not match.