HP Keeps Installing Secret Backdoors In Enterprise Storage

Found on Slashdot on Friday, 12 July 2013

For the second time in a month, Hewlett-Packard has been forced to admit it built secret backdoors into its enterprise storage products. The admission, in a security bulletin posted July 9, confirms reports from the blogger Technion, who flagged the security issue in HP's StoreOnce systems in June, before finding more backdoors in other HP storage and SAN products.

The account also provides access to a factory-reset control that would allow intruders to destroy much of the data and configurations of a network of HP storage products. And it's not hard to find: 'Open up your favourite SSH client, key in the IP of an HP D2D unit. Enter in yourself the username HPSupport, and the password which has a SHA1 of 78a7ecf065324604540ad3c41c3bb8fe1d084c50.

Is there any big company which is not working against their customers these days? Some people will have fun times now that the password is known; all they need to do is search for StoreVirtual systems with public IP addresses.

Browse all articles« Previous « » Next »