Technology News

latest updates from easySERVICE™

HP will patch a security vulnerability that allows remote unauthorized access to its StoreVirtual products

 

 

HP said in a security bulletin on Tuesday it will patch a security vulnerability that allows remote unauthorized access to its StoreVirtual products.

 

The patch is expected to land in a week’s time — on or before July 17, the company said.

The “backdoor” flaw allows HP support to access the core in-built operating system, LeftHand OS, which is not accessible to the end user. While some access is provided via the command-line interface, root access is blocked.

For some “complex issues” HP can dial into the software with root access with a one-time password, which protects from repeated access to the system.

HP confirmed that the vulnerability “could be remotely exploited to gain unauthorized access to the device.”

The notice confirms that root access to the underlying operating system does not provide access to stored user data. But according to The Register, one user with 50TB of data was able to use this vulnerability to access reboot nodes in a cluster, “and so cripple the cluster.”

“All HP StoreVirtual Storage systems are equipped with a mechanism that allows HP support to access the underlying operating system if permission and access is provided by the customer. This functionality cannot be disabled today,” the advisory noted.

Share your thoughts in the comments below and don’t forget to like this post.

Source: Associated Press

 

Advertisements

One comment on “HP will patch a security vulnerability that allows remote unauthorized access to its StoreVirtual products

  1. Juh
    August 4, 2013

    nice post i liked it..

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: