Seagate Server Vulnerability

Wednesday, May 30, 2012 @ 01:05 PM gHale

Seagate’s BlackArmor NAS server is vulnerable to having its administrative password reset by anyone with access to it and a particular URL.

The BlackArmor range of network-attached storage devices aims at small businesses and offers storage and backup options from Windows PCs and Mac OS X systems, ranging from 1TB to 12TB of hard disk media.

The problem, documented by US-CERT, involves an unauthenticated attacker directly accessing http://DevicesIpAddress/d41d8cd98f00b204e9800998ecf8427e.php, where they have the opportunity to reset the device’s administrator password.

There is currently no solution to the problem, and US-CERT is advising only that network access to the BlackArmor devices’ web interface be restricted.

Seagate is aware of the problem, but there is no fix available yet; the last update on the Seagate NAS Firmware update page was 17 February 2011.
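Until a fix exists, the access restriction US-CERT advises can be checked after the fact by looking for requests to the reset page in the logs of whatever sits in front of the NAS. The following Python is an added example, not code from US-CERT, Seagate or this article; it assumes a proxy or gateway that writes Common Log Format, and the management subnet, client addresses and log lines are constructed.

```python
import ipaddress
import re

# Path of the password-reset page named in the US-CERT note quoted above.
RESET_PATH = "/d41d8cd98f00b204e9800998ecf8427e.php"

# Assumption: the only subnet allowed to reach the NAS web interface.
MGMT_NET = ipaddress.ip_network("10.0.5.0/24")

# Common Log Format: client ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
10.0.5.20 - - [30/May/2012:09:12:01 +0000] "GET /index.php HTTP/1.1" 200 5120
192.0.2.44 - - [30/May/2012:09:14:37 +0000] "GET /d41d8cd98f00b204e9800998ecf8427e.php HTTP/1.1" 200 812
10.0.5.20 - - [30/May/2012:09:20:10 +0000] "GET /D41D8CD98F00B204E9800998ECF8427E.php?x=1 HTTP/1.1" 200 812
198.51.100.7 - - [30/May/2012:09:31:55 +0000] "GET /admin/login.php HTTP/1.1" 403 199
malformed line
"""


def find_reset_page_hits(log_text, mgmt_net=MGMT_NET):
    """Return one dict per request for the reset page, noting its origin."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Compare the path only: drop the query string and ignore case,
        # deliberately over-matching rather than missing a variant.
        path = m["target"].split("?", 1)[0].lower()
        if path != RESET_PATH:
            continue
        try:
            inside = ipaddress.ip_address(m["client"]) in mgmt_net
        except ValueError:
            inside = False  # hostname or garbage in the client field
        hits.append({"client": m["client"], "time": m["time"],
                     "status": int(m["status"]), "from_mgmt_net": inside})
    return hits

if __name__ == "__main__":
    for hit in find_reset_page_hits(SAMPLE_LOG):
        print("REVIEW" if hit["from_mgmt_net"] else "ALERT", hit)
```

Any hit from outside the management subnet means the restriction is not in effect; a hit from inside it is still worth confirming with the administrator who made the request.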
