[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [security bulletin] HPSBST02890 rev.2 - HP StoreOnce D2D Backup System, Remote Unauthorized Access and Modification
- To: security-alert@xxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Re: [security bulletin] HPSBST02890 rev.2 - HP StoreOnce D2D Backup System, Remote Unauthorized Access and Modification
- From: Neusbeer <neusbeer@xxxxxxxxx>
- Date: Mon, 08 Jul 2013 20:49:54 +0200
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP StoreOnce D2D
Backup System. The vulnerability could be exploited remotely resulting in
unauthorized access and modification.
A user who is logged in via the HPSupport user account does not have access
to the data that has been backed up to the HP StoreOnce Backup system, and
hence is not able to read or download the backed up data. However, it is
possible to reset the device to factory defaults, and hence delete all backed
up data that is present on the device.
But you can change the password of the administrator so you can acces
the web gui
ssh -l HPSupport <ip>
> set password Administrator LetMeIn