Bugtraq mailing list archives
Re: [security bulletin] HPSBST02890 rev.2 - HP StoreOnce D2D Backup System, Remote Unauthorized Access and Modification
From: Neusbeer <neusbeer () gmail com>
Date: Mon, 08 Jul 2013 20:49:54 +0200
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP StoreOnce D2D Backup System. The vulnerability could be exploited remotely resulting in unauthorized access and modification. A user who is logged in via the HPSupport user account does not have access to the data that has been backed up to the HP StoreOnce Backup system, and hence is not able to read or download the backed up data. However, it is possible to reset the device to factory defaults, and hence delete all backed up data that is present on the device.But you can change the password of the administrator so you can acces the web gui
ssh -l HPSupport <ip> > set password Administrator LetMeIn
Current thread:
- [security bulletin] HPSBST02890 rev.2 - HP StoreOnce D2D Backup System, Remote Unauthorized Access and Modification security-alert (Jul 08)
- Re: [security bulletin] HPSBST02890 rev.2 - HP StoreOnce D2D Backup System, Remote Unauthorized Access and Modification Neusbeer (Jul 08)