December 15, 2010, 5:06PM
HP Storage Hardware Harbors Secret Back Door
Comment HP has acknowledged a security issue with storage area networking equipment after reports surfaced about a hard-coded "back door" account.
Hewlett Packard said in a statement that it has identified a "potential security issue" with one of its storage area networking (SAN) products and is readying a fix for the issue.
The company was responding to published reports about the existence of a hard coded user name and password that could provide unknown assailants with administrative access to HP StorageWorks P2000 storage area networking (SAN) product.
Editor's Pick
The devices reportedly contain a administrative account, 'admin,' and password '!admin' that are written into the device's firmware and can be used to gain administrative access to the system, but do not show up in the user management interface for the P2000 and can't be altered or deleted.
Hewlett Packard said the flaw, which it did not describe, does not affect its MSA line of storage solutions, as initially reported. HP said it has identified an "immediate fix" for the issue and is informing customers of the solution.
Hard coded "backdoor" user names and passwords have long been a dirty secret of the technology industry, but have become a sore issue for hardware and software vendors in recent months. The Stuxnet worm allegedly took advantage of a long known back door account in the WinCC industrial control software manufactured by Siemens. That company advised customers not to change that password even after news of the worm broke because doing so would make it impossible for the WinCC application to communicate with its database.
In November, Cisco issued a security alert that warned users of its Unified Videoconfernecing (UVC) products about the presence of three hard coded credentials in that product. Finally, on Wednesday, reports broke about a possible FBI-sanctioned backdoor in the OpenBSD operating system. Threatpost reported that developers who were involved in the creation of the operating system denied that any back doors were part of the code, but that such accusations are difficult to disprove, in any case.
Commenting on this Article is closed.
Today's Most Popular
- Defense Contractor Northrop Grumman Hiring For Offensive Cyber Ops
- Iranian Students Claim to have Stolen Thousands of Researcher's Records
- Report: Diablo III Users Find Accounts Hacked, Gold Stolen And New 'Mystery' Friends
- Why Google Won't Protect You From Big Brother
- Forget 'Brogrammers,' Women Have The Edge In DEFCON Social Engineering Contest
Most Commented Stories
-
Forget 'Brogrammers,' Women Have The Edge In DEFCON Social Engineering Contest (9)
-
Defense Contractor Northrop Grumman Hiring For Offensive Cyber Ops (9)
-
HULK DDoS Tool Smash Web Server, Server Fall Down (3)
-
Author of LilyJade Facebook Plugin Ignores Facebook Cease-and-Desist (3)
-
Report: Diablo III Users Find Accounts Hacked, Gold Stolen And New 'Mystery' Friends (2)
Newsletter Sign-up
Take Our Poll
The Internet Crime Complaint Center recently warned of malware targeting travelers connecting to Wi-Fi. When traveling, do you
Connect to anything
20%
Only connect to password-protected, secure connections
38%
Only use websites with HTTPS
28%
I don’t pay attention to how I access the internet while traveling
14%
Total votes: 65
Follow Threatpost
 |  |  |  |
| Tumblr |
