HP StorageWorks P2000 G3 MSA hardcoded user
by Manuel Humberto Santander Pelaez (Version: 2)
An encoded user was identified in the HP StorageWorks MSA G3 P2000, which does not appear in the user management system, which allows an attacker to access sensitive information stored on the device and other connected systems.
Username: admin
Password: !admin
It is difficult to make any forecast on this type of vulnerability, we recommend maintaining security baselines for all the infrastructure implemented in accordance with the recommendations of each manufacturer. Thus, we can manage the risks arising from use of these platforms without affecting performance or the result of business processes.
More information at http://www.securityweek.com/backdoor-vulnerability-discovered-hp-msa2000-storage-systems.
UPDATE (Joel): HP has posted a fix at: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02662287
(Thanks to "jt" in the comments)
-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org
Comments
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02662287
jt
Dec 17th 2010
1 decade ago