Feeds

HP closes StoreVirtual backdoor, slings key

Factory account still present, now requires one-time password

Beginner's guide to SSL certificates

Hewlett-Packard has issued a patch for the StoreVirtual vulnerability under which an undocumented factory account existed in a number of products running its LeftHand (or SAN iQ) software older than version 10.5.

The vulnerability was brought to the attention of The Register (and of HP) by blogger Technion, who had earlier pointed out a similar issue in the company's StoreOnce products.

The latest patch, available here, identifies 21 affected products, including Dell's PowerEdge 2950 and the IBM System x3650, to which the patch should be applied.

In both the StoreOnce and StoreVirtual products, the factory accounts were intended for support use. However, as Technion pointed out to Vulture South, if the accounts had fixed passwords and those passwords became known, any system visible to the Internet would be vulnerable to unauthorised remote access.

The patch now protects the factory accounts with a challenge-response-based one-time password. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
IT crisis looming: 'What if AWS goes pop, runs out of cash?'
Public IaaS... something's gotta give - and it may be AWS
Linux? Bah! Red Hat has its eye on the CLOUD – and it wants to own it
CEO says it will be 'undisputed leader' in enterprise cloud tech
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
Hey, what's a STORAGE company doing working on Internet-of-Cars?
Boo - it's not a terabyte car, it's just predictive maintenance and that
Troll hunter Rackspace turns Rotatable's bizarro patent to stone
News of the Weird: Screen-rotating technology declared unpatentable
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.