lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <51DB09D2.4050904@gmail.com>
Date: Mon, 08 Jul 2013 20:49:54 +0200
From: Neusbeer <neusbeer@...il.com>
To: security-alert@...com, bugtraq@...urityfocus.com
Subject: Re: [security bulletin] HPSBST02890 rev.2 - HP StoreOnce D2D Backup
 System, Remote Unauthorized Access and Modification


VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP StoreOnce D2D
Backup System. The vulnerability could be exploited remotely resulting in
unauthorized access and modification.

A user who is logged in via the HPSupport user account does not have access
to the data that has been backed up to the HP StoreOnce Backup system, and
hence is not able to read or download the backed up data. However, it is
possible to reset the device to factory defaults, and hence delete all backed
up data that is present on the device.


But you can change the password of the administrator so you can acces 
the web gui

ssh -l HPSupport <ip>

 > set password Administrator LetMeIn


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ