Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
HP admits to backdoors in storage products
Hewlett-Packard has agreed that there is an undocumented administrative account in its StoreVirtual products, and is promising a patch by 17 July.
The issue, which seems to have existed since 2009, was brought to the attention of The Register by Technion, the blogger who earlier published an undocumented backdoor in the company's StoreOnce products.
Since then, some HP users have confirmed the backdoors in e-mail to The Register, providing evidence of the account names and passwords that allow access to the devices. The Reg can report those credentials would not pass complexity tests required by many websites as they use no numerals, symbols or capital letters.
...
Although data isn't accessible via the backdoor, one user with around 50 TB of StoreVirtual capacity said the account gave sufficient access to reboot nodes in a cluster, “and so cripple the cluster”.
The issue, which seems to have existed since 2009, was brought to the attention of The Register by Technion, the blogger who earlier published an undocumented backdoor in the company's StoreOnce products.
Since then, some HP users have confirmed the backdoors in e-mail to The Register, providing evidence of the account names and passwords that allow access to the devices. The Reg can report those credentials would not pass complexity tests required by many websites as they use no numerals, symbols or capital letters.
...
Although data isn't accessible via the backdoor, one user with around 50 TB of StoreVirtual capacity said the account gave sufficient access to reboot nodes in a cluster, “and so cripple the cluster”.
Oy.
