Re: [security bulletin] HPSBST02890 rev.2 - HP StoreOnce D2D Backup- System, Remote Unauthorized Access and Modification

From: Neusbeer <neusbeer@gmail.com>
To: security-alert@hp.com,bugtraq@securityfocus.com
Cc:
Subject: Re: [security bulletin] HPSBST02890 rev.2 - HP StoreOnce D2D Backup- System, Remote Unauthorized Access and Modification
Date:



VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP StoreOnce D2D
Backup System. The vulnerability could be exploited remotely resulting in
unauthorized access and modification.

A user who is logged in via the HPSupport user account does not have access
to the data that has been backed up to the HP StoreOnce Backup system, and
hence is not able to read or download the backed up data. However, it is
possible to reset the device to factory defaults, and hence delete all backed
up data that is present on the device.


But you can change the password of the administrator so you can acces 
the web gui

ssh -l HPSupport <ip>

 > set password Administrator LetMeIn






Copyright © 1995-2019 LinuxRocket.net. All rights reserved.