Technology News

latest updates from easySERVICE™

HP enterprise storage systems suffer ‘secret’ admin account flaw


The computer and server maker is working hard on a fix to a security flaw in one of its enterprise systems, which could allow unauthorized access to corporate data.

HP confirmed on Wednesday that older versions of its StoreOnce enterprise storage systems have a security flaw, which could potentially allow hackers access to vast amounts of corporate data.

The computer maker told the press in a statement that it is “working actively on a fix” for the flaw.

The enterprise systems affected by the flaw can cost tens of thousands of dollars per unit. The researcher who discovered the flaw disclosed it on his blog after his three weekly requests for an update had “gone ignored.”

The flaw involves a hidden, undisclosed administrative account. The researcher noted that there may be concerns that HP could, in theory, access corporate and user data, and warned that hackers can easily brute-force the account's SHA1-hashed password to recover the plain text.

Now that the SHA1-hashed password has been published, anyone can potentially crack it and access systems with this “hidden” administrative account. At the time of writing, however, it is not clear whether anyone has done so.

In its statement, which seemed to suggest that the computer maker itself had discovered the flaw, an HP spokesperson added that the company “identified a potential security issue with older HP StoreOnce models.” HP said that the issue does not affect systems running the current version 3.0 software, “including the HP StoreOnce B6200 and HP StoreOnce VSA product offerings.”

The researcher noted that HP, which counts itself as a member of the Zero Day Initiative — a group that pays security researchers bounties for submitting security flaws — is “somewhat immune to” the philosophy that vulnerabilities should be disclosed.

HP has now disclosed the flaw in a public disclosure note, as of Wednesday, and a software patch will be issued on July 7 to “disable the undocumented HP Support user account.”

Source: Associated Press

 


