Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:25312
HistoryDec 15, 2010 - 12:00 a.m.

Re: hidden admin user on every HP MSA2000 G3

2010-12-1500:00:00
vulners.com
56
JSON

On Mon, 13 Dec 2010 [email protected] wrote:

> i just found out that there is a hidden user on every HP MSA2000 G3
> SAN out there:
>
> username: admin
> password: !admin

Confirmed on P2000 G3 (fw L100R013). (Please, HP, is it really
necessary to give us so many different reasons to hate you?!)

> this user doesnt show up in the user manager, and the password
> cannot be changed - looks like the perfect backdoor for everybody.

The user was invisible but I was able to change its password in CLI with
"set password admin password …" (the change was effective, the old
password was not valid any longer).


Pavel Kankovsky aka Peak / Jeremiah 9:21 \
"For death is come up into our MS Windows(tm)…" \ 21st century edition /

JSON