HP Confirms Backdoor In StoreOnce Backup Products 45
wiredmikey writes "Security response personnel at HP are 'actively working on a fix' for a potentially dangerous backdoor in older versions of its StoreOnce backup product line. The company's confirmation of what it describes as a 'potential security issue' follows the public disclosure that malicious hackers can use SSH access to perform full remote compromise of HP's StoreOnce backup systems. The SHA1 hash for the password was also published, putting pressure on HP to get a fix ready for affected customers. SecurityWeek has confirmed that it is relatively trivial to brute-force the hash to obtain the seven-character password. The HP StoreOnce product, previously known as HP D2D, provides disk backup and recovery to small- to midsize businesses, large enterprises, remote offices and cloud service providers."
HP is on a Low Sodium Diet (Score:4, Funny)
>SecurityWeek has confirmed that it is relatively trivial to brute-force the hash to obtain the seven-character password.
HP is on a low sodium diet, they didn't add salt.
Re:badg3r5 (Score:5, Funny)
I guess the HP patch, upgrades the string to f3bbbd66a63d4bf1747940578ec3d0103530e21d.
HP (Score:5, Funny)
The best part of clicking on the link to TFA was the pop-over advertisement from HP that said "How secure is your code?"
Way to go HP!