Feeds

HP closes StoreVirtual backdoor, slings key

Factory account still present, now requires one-time password

Build a business case: developing custom apps

Hewlett-Packard has issued a patch for the StoreVirtual vulnerability under which an undocumented factory account existed in a number of products running its LeftHand (or SAN iQ) software older than version 10.5.

The vulnerability was brought to the attention of The Register (and of HP) by blogger Technion, who had earlier pointed out a similar issue in the company's StoreOnce products.

The latest patch, available here, identifies 21 affected products, including Dell's PowerEdge 2950 and the IBM System x3650, to which the patch should be applied.

In both the StoreOnce and StoreVirtual products, the factory accounts were intended for support use. However, as Technion pointed out to Vulture South, if the accounts had fixed passwords and those passwords became known, any system visible to the Internet would be vulnerable to unauthorised remote access.

The patch now protects the factory accounts with a challenge-response-based one-time password. ®

Boost IT visibility and business value

More from The Register

next story
The Return of BSOD: Does ANYONE trust Microsoft patches?
Sysadmins, you're either fighting fires or seen as incompetents now
Microsoft: Azure isn't ready for biz-critical apps … yet
Microsoft will move its own IT to the cloud to avoid $200m server bill
Shoot-em-up: Sony Online Entertainment hit by 'large scale DDoS attack'
Games disrupted as firm struggles to control network
Cutting cancer rates: Data, models and a happy ending?
How surgery might be making cancer prognoses worse
Silicon Valley jolted by magnitude 6.1 quake – its biggest in 25 years
Did the earth move for you at VMworld – oh, OK. It just did. A lot
VMware's high-wire balancing act: EVO might drag us ALL down
Get it right, EMC, or there'll be STORAGE CIVIL WAR. Mark my words
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Scale data protection with your virtual environment
To scale at the rate of virtualization growth, data protection solutions need to adopt new capabilities and simplify current features.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?