HP warns on presence of backdoor in storage devices

Pierluigi Paganini July 12, 2013

HP publicly admitted the presence of a backdoor in its StoreVirtual storage products, which are designed to respond to the needs of virtualized environments.

HP publicly admitted the presence of a backdoor in its storage products. In particular, the company revealed the presence of an undocumented administrative account in the StoreVirtual product family, which is designed to respond to the needs of virtualized environments.

The official security bulletin from HP Support is HPSBST02896 rev.1 – HP StoreVirtual Storage, Remote Unauthorized Access.

HP revealed the presence of the backdoor and informed its clients that a patch will be released by July 17th. The discovery was made by the blogger known as Technion, who recently published information on an undocumented backdoor in HP’s StoreOnce product. Technion found that the administrative password is recoverable remotely by HP support.

“This vulnerability could be remotely exploited to gain unauthorized access to the device.” “All HP StoreVirtual Storage systems are equipped with a mechanism that allows HP support to access the underlying operating system if permission and access is provided by the customer. This functionality cannot be disabled today.”

“HP has acknowledged this vulnerability and will provide a patch that will allow customers to disable the support access mechanism on or before July 17, 2013.” states the HP security advisory.

HP remarked that its storage appliances use the LeftHand OS, which is not accessible to the end user (root access is blocked); restricted access is available to the user via the HP StoreVirtual Command-Line Interface.

Root access is used by HP Support to resolve complex customer issues.

 “To facilitate these cases, a challenge-response-based one-time password utility is employed by HP Support to gain root access to systems when the customer has granted permission and network access to the system. The one-time password utility protects the root access to prevent repeated access to the system with the same pass phrase. Root access to the LeftHand OS does not provide access to the user data being stored on the system.”
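The following is an added sketch, not HP's code, of a challenge-response one-time password gate of the kind the advisory describes; how HP's utility works internally is not described on this page. The HMAC-SHA256 construction, the per-device key, and the names `SupportAccessGate`, `compute_response` and `enabled` are assumptions made for illustration. It shows a response being accepted once, rejected on replay, and refused outright once the customer disables support access.

```python
import hashlib
import hmac
import secrets


def compute_response(key: bytes, challenge: str) -> str:
    """Support-side step: derive the one-time password for one challenge."""
    return hmac.new(key, challenge.encode(), hashlib.sha256).hexdigest()[:16]


class SupportAccessGate:
    """Device-side gate (hypothetical): one fresh challenge per session."""

    def __init__(self, device_key: bytes, enabled: bool = True):
        self._key = device_key    # assumed per-device secret, not a shared one
        self.enabled = enabled    # customer-controlled switch
        self._pending = None      # outstanding challenge, if any

    def new_challenge(self) -> str:
        if not self.enabled:
            raise PermissionError("support access disabled by customer")
        self._pending = secrets.token_hex(16)
        return self._pending

    def verify(self, response: str) -> bool:
        # Consume the challenge whether or not the response is correct,
        # so the same pass phrase can never be presented twice.
        challenge, self._pending = self._pending, None
        if not self.enabled or challenge is None:
            return False
        expected = compute_response(self._key, challenge)
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    key = secrets.token_bytes(32)             # constructed sample key
    gate = SupportAccessGate(key)
    otp = compute_response(key, gate.new_challenge())
    first = gate.verify(otp)                  # accepted once
    replay = gate.verify(otp)                 # no pending challenge: rejected
    gate.new_challenge()
    stale = gate.verify(otp)                  # old OTP vs. new challenge
    gate.enabled = False                      # customer turns the mechanism off
    try:
        gate.new_challenge()
        disabled_blocked = False
    except PermissionError:
        disabled_blocked = True
    return {"first": first, "replay": replay, "stale": stale,
            "disabled_blocked": disabled_blocked}


if __name__ == "__main__":
    print(demo())
```

A static hardcoded password has none of these properties: anyone who learns it once can reuse it on every device until it is changed.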

The blogger revealed that the flaw appears to be a company support backdoor left in the HP StoreVirtual SAN product family, which is based on the LeftHand operating system.

What is concerning is that the backdoors appear to date back to 2009; since then, HP users have confirmed the backdoor’s presence to media such as The Register, providing evidence of credentials that allow remote access to the storage devices. Another curious detail is that the password used for the undocumented administrative account doesn’t satisfy password complexity tests: it seems that the credentials use no capital letters, numerals or symbols.

Technion identified two support forum posts that unequivocally demonstrate that lost admin passwords are resettable by HP.

“You will need to call support and they can get into the backend and reset it for you. 1-800-633-3600 ‘Lefthand Solutions’,” states one of the posts.

The other, posted by a LeftHand product manager in 2009, confirmed the possibility of a remote password reset: “Call support. They can reset the password remotely.”

The good news is that HP announced that “Root access to the LeftHand OS does not provide access to the user data being stored on the system”.

Although HP excludes data theft, it must be considered that an attacker could reboot nodes in a cluster, with serious repercussions. The following picture lists the HP devices containing the backdoor:

[Image: HP backdoor devices list]

In June 2013, SecurityWeek had already published news about HP storage products: it reported HP’s confirmation of what the company described as a “potential security issue”, following the public disclosure that malicious hackers can use SSH access to perform full remote compromise of HP’s StoreOnce backup systems. In a statement issued to SecurityWeek, an HP spokesperson said a fix was in the works.

“HP identified a potential security issue with older HP StoreOnce models. This does not impact StoreOnce systems with the current version 3.0 software, including the HP StoreOnce B6200 and HP StoreOnce VSA product offerings. HP takes security issues very seriously and is working actively on a fix. More information for customers will be made available within a few hours,” 

An HP user on a support forum revealed that the vulnerability also allows the attacker to browse to “SMH » Security » Trusted Management Servers” and import a certificate to trust another Systems Insight Manager box.

Certificates are used to establish the trust relationship between Systems Insight Manager or Insight Manager 7 and the System Management Homepage.

This is not the first time that researchers have found a hardware backdoor for maintenance purposes in commercial products; in December 2010, for example, HP was cited by various security experts for a similar hardcoded backdoor in its MSA2000 G3 modular storage array systems.

The practice of embedding hardcoded passwords is very risky because it exposes customers to attacks by hackers.

“organizations need to look at everything that has a microprocessor, memory or an application/process running – these all have similar embedded credentials that represent significant organizational vulnerabilities. This further proves that ‘faith based security’ – relying on vendors to provide systems with built-in robust security – is not a good practice,” said Shlomi Dinoor, Vice President emerging technologies at Cyber-Ark Software.

The security of any hardware product results from the security of each component it includes; vendors have to consider this carefully.

Pierluigi Paganini

(Security Affairs – HP, backdoor)

