SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Storage)  >   HPE StoreOnce D2D Backup System Vendors:   HPE
HP StoreOnce D2D Backup System Built-in Password Lets Remote Users Access the System
SecurityTracker Alert ID:  1028711
SecurityTracker URL:  http://securitytracker.com/id/1028711
CVE Reference:   CVE-2013-2342   (Links to External Site)
Updated:  Jul 8 2013
Original Entry Date:  Jun 27 2013
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2.2.17 and prior, 1.2.17 and prior
Description:   A vulnerability was reported in HP StoreOnce D2D Backup System. A remote user can gain access to the target system.

The system includes a default user account 'HPSupport' with a hardcoded password. A remote user can access the system using the password.

Software version 3.0.0 or newer is not affected.

The following models are affected:

HP StoreOnce D2D4324 Backup System (EH985A)
HP StoreOnce D2D4312 Backup System (EH983B)
HP StoreOnce D2D4312 Backup System (EH983A)
HP StoreOnce D2D4112 Backup System (EH993C)
HP StoreOnce D2D4112 Backup System (EH993B)
HP StoreOnce D2D4106i Backup System (EH996B)
HP StoreOnce D2D4106i Backup System (EH996A)
HP StoreOnce D2D4106fc Backup System (EH998B)
HP StoreOnce D2D4106fc Backup System (EH998A)
HP StoreOnce D2D2504i Backup System (EJ002C)
HP StoreOnce D2D2504i Backup System (EJ002B)
HP StoreOnce D2D2502i Backup System (EJ001C)
HP StoreOnce D2D2502i Backup System (EJ001B)
HP D2D4112 Backup System (EH993A)
HP D2D4009fc Backup System (EH942A)
HP D2D4009i Backup System (EH939A)
HP D2D4004fc Backup System (EH941A)
HP D2D4004i Backup System (EH938A)
HP D2D2504i Backup System (EJ002A)
HP D2D2503i Backup System (EH945A)
HP D2D2502i Backup System (EJ001A)

The original advisory is available at:

http://www.lolware.net/hpstorage.html

Joshua Small reported this vulnerability.

Impact:   A remote user can gain access to the target system.
Solution:   The vendor has issued a fix.

The vendor's advisory is available at:

https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03813919-1

Vendor URL:  h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03813919-1 (Links to External Site)
Cause:   Configuration error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC