Security Alert Backdoor found in HP modular storage arrays UPDATED

first_imgIt’s critical for any small business to be able to rely on the hardware they pay for to do the job without a ton of maintenance. Many small businesses don’t even pay a full time IT guy, much less keep up to date on the latest in security flaws that are found. They rely on companies like HP, who offer complete solutions in security, warranty, and maintenance to handle a lot of their day to day activities. So, what happens when relying on a solution like this results in ignoring a great big security hole that was created by  the very group protecting you?Do you or your company own a HP MSA2000 G3? For those that don’t know, it’s a modular storage array connected to servers providing a storage solution on a large scale.AdChoices广告If you do happen to use on at your place of work, you should be aware of a recent discovery that there is a hidden user on each of these boxes that does not show up in the user manager.This admin user, with a password of !admin, can’t be changed in any way, including the password, since they do not show up in user manager. This is the kind of backdoor that would cripple any business that relied on secure networked storage, should your network be discovered by someone malicious.Hopefully there is an update HP can deploy en masse that could resolve such a backdoor, but for now it is a problem that all HP MSA2000 G3 owners should be aware of.Read more at SECLISTS.orgUpdate from HP – 12/16/10 – An HP rep had this to say regarding the security issue:HP identified a potential security issue with the HP StorageWorks P2000 G3 MSA only. This does not impact HP’s entire MSA line of storage solutions. HP has identified an immediate fix for this issue and is rapidly informing customers of the solution. More information can be found at: read more