Hidden Backdoor Discovered On HP MSA2000 Arrays

Hidden Backdoor Discovered On HP MSA2000 Arrays 197

Posted by CmdrTaco on Tuesday December 14, 2010 @05:21PM from the i'm-your-backdoor-man dept.

wiredmikey writes "A hardcoded password-related security vulnerability has been discovered which apparently affects every HP MSA2000 G3, a modular large scale storage array. According to the alert, a hidden user exists that doesn't show up in the user manager, and the password cannot be changed, creating a perfect 'backdoor' opportunity for an attacker to gain access to potentially sensitive information stored on the device, as well as systems it is connected to."

Hidden Backdoor Discovered On HP MSA2000 Arrays

This discussion has been archived. No new comments can be posted.

Search 197 Comments Log In/Create an Account

Comments Filter:

Wow... (Score:5, Funny)

by Ethanol-fueled ( 1125189 ) * writes: on Tuesday December 14, 2010 @05:21PM (#34552382) Homepage Journal

The hard coded user and password in the HP MSA2000 is set to: username: admin password: !admin

WaHAHAHAHAH! Not even "n9xe2uPAthe9" or even "Mr.Snuffles". And it is exactly the same as the very generic username, except for one extra character. It's almost as bad(or perhaps even worse) then using "123456" or even "password." [slashdot.org]
This further proves that "faith based security" - relying on vendors to provide systems with built-in robust security- is not a good practice.
Well...nah, I won't even go there. Too easy. I'm trying to be a good boy. Would somebody like to post a sysadmin's prayer for us?

And the password is..... (Score:4, Funny)

by drsmack1 ( 698392 ) writes: on Tuesday December 14, 2010 @05:25PM (#34552448)

cntraltdelete
If that is too long to type, you can use the shortcut keys on your keyboard. This HP thing goes deep. . . .

Re:Wow... (Score:5, Funny)

by mrsteveman1 ( 1010381 ) writes: on Tuesday December 14, 2010 @05:27PM (#34552476)

Yes but you've now seen the ! so it's NOT admin, we'll have to keep looking.
Those HP guys are clever.

Hello Joshua ... (Score:4, Funny)

by tgd ( 2822 ) writes: on Tuesday December 14, 2010 @05:36PM (#34552630)

How about a nice game of chess?

That's funny, because (Score:4, Funny)

by seebs ( 15766 ) writes: on Tuesday December 14, 2010 @05:41PM (#34552732) Homepage

Whenever you type '!admin' all I see is '******'. Whereas, if I type 'hunter2', all you see is '*******'.

Re:Wow... (Score:5, Funny)

by beanpoppa ( 1305757 ) writes: on Tuesday December 14, 2010 @06:06PM (#34553222)

Steve-"Hey, Frank! What should I make the password for our backdoor admin account?" Frank-"Definitely NOT admin!" Steve-"Ok."

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Hidden Backdoor Discovered On HP MSA2000 Arrays 197

Hidden Backdoor Discovered On HP MSA2000 Arrays More Login

Hidden Backdoor Discovered On HP MSA2000 Arrays

Wow... (Score:5, Funny)

And the password is..... (Score:4, Funny)

Re:Wow... (Score:5, Funny)

Hello Joshua ... (Score:4, Funny)

That's funny, because (Score:4, Funny)

Re:Wow... (Score:5, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot