Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: [security bulletin] HPSBST02890 rev.2 - HP StoreOnce D2D Backup System, Remote Unauthorized Access and Modification
From: Neusbeer <neusbeer () gmail com>
Date: Mon, 08 Jul 2013 20:49:54 +0200


VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP StoreOnce D2D
Backup System. The vulnerability could be exploited remotely resulting in
unauthorized access and modification.

A user who is logged in via the HPSupport user account does not have access
to the data that has been backed up to the HP StoreOnce Backup system, and
hence is not able to read or download the backed up data. However, it is
possible to reset the device to factory defaults, and hence delete all backed
up data that is present on the device.


But you can change the password of the administrator so you can acces the web gui

ssh -l HPSupport <ip>

> set password Administrator LetMeIn



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]