On Mon, 13 Dec 2010 hpdisclosure (at) anonmail (dot) de [email concealed] wrote:
> i just found out that there is a hidden user on every HP MSA2000 G3
> SAN out there:
>
> username: admin
> password: !admin
Confirmed on P2000 G3 (fw L100R013). (Please, HP, is it really
necessary to give us *so many* different reasons to hate you?!)
> this user doesnt show up in the user manager, and the password
> cannot be changed - looks like the perfect backdoor for everybody.
The user was invisible but I was able to change its password in CLI with
"set password admin password ..." (the change was effective, the old
password was not valid any longer).
--
Pavel Kankovsky aka Peak / Jeremiah 9:21 "For death is come up into our MS Windows(tm)..." \ 21st century edition /
> i just found out that there is a hidden user on every HP MSA2000 G3
> SAN out there:
>
> username: admin
> password: !admin
Confirmed on P2000 G3 (fw L100R013). (Please, HP, is it really
necessary to give us *so many* different reasons to hate you?!)
> this user doesnt show up in the user manager, and the password
> cannot be changed - looks like the perfect backdoor for everybody.
The user was invisible but I was able to change its password in CLI with
"set password admin password ..." (the change was effective, the old
password was not valid any longer).
--
Pavel Kankovsky aka Peak / Jeremiah 9:21 "For death is come up into our MS Windows(tm)..." \ 21st century edition /
[ reply ]