Feeds

HP closes StoreVirtual backdoor, slings key

Factory account still present, now requires one-time password

Remote control for virtualized desktops

Hewlett-Packard has issued a patch for the StoreVirtual vulnerability under which an undocumented factory account existed in a number of products running its LeftHand (or SAN iQ) software older than version 10.5.

The vulnerability was brought to the attention of The Register (and of HP) by blogger Technion, who had earlier pointed out a similar issue in the company's StoreOnce products.

The latest patch, available here, identifies 21 affected products, including Dell's PowerEdge 2950 and the IBM System x3650, to which the patch should be applied.

In both the StoreOnce and StoreVirtual products, the factory accounts were intended for support use. However, as Technion pointed out to Vulture South, if the accounts had fixed passwords and those passwords became known, any system visible to the Internet would be vulnerable to unauthorised remote access.

The patch now protects the factory accounts with a challenge-response-based one-time password. ®

Beginner's guide to SSL certificates

More from The Register

next story
The cloud that goes puff: Seagate Central home NAS woes
4TB of home storage is great, until you wake up to a dead device
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
You think the CLOUD's insecure? It's BETTER than UK.GOV's DATA CENTRES
We don't even know where some of them ARE – Maude
Want to STUFF Facebook with blatant ADVERTISING? Fine! But you must PAY
Pony up or push off, Zuck tells social marketeers
Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals
By writing a really angry letter about how it's harming our cloud business, ta
BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
Don't worry about that cable, it's part of the config
Intel offers ingenious piece of 10TB 3D NAND chippery
The race for next generation flash capacity now on
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.