Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HP StorageWorks P2000 G3 MSA hardcoded user - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
HP StorageWorks P2000 G3 MSA hardcoded user

An encoded user was identified in the HP StorageWorks MSA G3 P2000, which does not appear in the user management system, which allows an attacker to access sensitive information stored on the device and other connected systems.

Username: admin

Password: !admin

It is difficult to make any forecast on this type of vulnerability, we recommend maintaining security baselines for all the infrastructure implemented in accordance with the recommendations of each manufacturer. Thus, we can manage the risks arising from use of these platforms without affecting performance or the result of business processes.

More information at http://www.securityweek.com/backdoor-vulnerability-discovered-hp-msa2000-storage-systems.

-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org

Manuel Humberto Santander Pelaacuteez

185 Posts
ISC Handler
Looks like HP has put out a fix.
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02662287
Anonymous

Sign Up for Free or Log In to start participating in the conversation!