HP Patching Storage Backdoor

Friday, July 12, 2013 @ 05:07 PM gHale

There is an undocumented administrative account in Hewlett-Packard’s StoreVirtual products and the computer giant promises it will patch it by July 17.

The issue, which has been around since 2009, came to light from Technion, the blogger who earlier published an undocumented backdoor in the company’s StoreOnce products.

‘Comment Crew’ Appears Back
Attack Plan Targets Oil Companies
Backdoor Malware Targets Asian Users
Malware Disguises as Antivirus

Since then, some HP users have confirmed the backdoors, providing evidence of the account names and passwords that allow access to the devices.

HP has now issued a security advisory, saying:

“This vulnerability could be remotely exploited to gain unauthorized access to the device.

“All HP StoreVirtual Storage systems are equipped with a mechanism that allows HP support to access the underlying operating system if permission and access is provided by the customer. This functionality cannot be disabled today.

“HP has acknowledged this vulnerability and will provide a patch that will allow customers to disable the support access mechanism on or before July 17, 2013.”

“Root access to the LeftHand OS does not provide access to the user data being stored on the system,” the company said.

Although data isn’t accessible via the backdoor, one user with around 50 TB of StoreVirtual capacity said the account gave sufficient access to reboot nodes in a cluster, “and so cripple the cluster.”

“It lets you browse to “SMH » Security » Trusted Management Servers” though, (“Certificates are used to establish the trust relationship between Systems Insight Manager or Insight Manager 7 and the System Management Homepage.”) You can use that to import a certificate to trust another Systems Insight Manager box,” said a user, who requested anonymity.

Leave a Reply

You must be logged in to post a comment.