
HP warns on presence of backdoor in storage devices

Pierluigi Paganini July 12, 2013

HP publicly admitted the presence of a backdoor in its StoreVirtual storage products, which are designed to respond to the needs of virtualized environments.

HP publicly admitted the presence of a backdoor in its storage products. In particular, the company revealed the presence of an undocumented administrative account in the StoreVirtual product family, which is designed to respond to the needs of virtualized environments.

The official security bulletin from HP Support is HPSBST02896 rev.1 – HP StoreVirtual Storage, Remote Unauthorized Access.

HP revealed the presence of the backdoor and informed its clients that a patch will be released by July 17th. The discovery was made by the blogger known as Technion, who recently published information on an undocumented backdoor in HP’s StoreOnce product. Technion found that the administrative password is recoverable remotely by HP support.

“This vulnerability could be remotely exploited to gain unauthorized access to the device.” “All HP StoreVirtual Storage systems are equipped with a mechanism that allows HP support to access the underlying operating system if permission and access is provided by the customer. This functionality cannot be disabled today.”

“HP has acknowledged this vulnerability and will provide a patch that will allow customers to disable the support access mechanism on or before July 17, 2013,” states the HP security advisory.

HP remarked that its storage appliances use the LeftHand OS, which is not accessible to the end user (root access is blocked); restricted access is available to the user via the HP StoreVirtual Command-Line Interface.

Root access is used by HP Support to resolve complex customer issues.

 “To facilitate these cases, a challenge-response-based one-time password utility is employed by HP Support to gain root access to systems when the customer has granted permission and network access to the system. The one-time password utility protects the root access to prevent repeated access to the system with the same pass phrase. Root access to the LeftHand OS does not provide access to the user data being stored on the system.”
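The two properties HP's statement relies on, customer permission and a pass phrase that cannot be reused, can be sketched as follows. This is an added example, not HP's utility or code from the advisory; the `SupportAccessGate` class, the HMAC-SHA256 construction and the per-device key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def expected_response(device_key: bytes, challenge: str) -> str:
    """One-time password for a given challenge: truncated HMAC-SHA256."""
    mac = hmac.new(device_key, challenge.encode(), hashlib.sha256)
    return mac.hexdigest()[:16]


class SupportAccessGate:
    """Device-side gate for vendor support logins (hypothetical design)."""

    def __init__(self, device_key: bytes):
        self._key = device_key   # assumed: unique per device, never a shared default
        self.enabled = False     # customer-controlled switch, off by default
        self._pending = None     # the single outstanding challenge, if any

    def new_challenge(self) -> str:
        if not self.enabled:
            raise PermissionError("support access disabled by customer")
        self._pending = secrets.token_hex(16)
        return self._pending

    def verify(self, response: str) -> bool:
        # Consume the challenge on every attempt so a response is valid once.
        challenge, self._pending = self._pending, None
        if not self.enabled or challenge is None:
            return False
        return hmac.compare_digest(expected_response(self._key, challenge), response)


def demo() -> dict:
    key = secrets.token_bytes(32)          # constructed sample key
    gate = SupportAccessGate(key)
    out = {}
    try:
        gate.new_challenge()
        out["refused_when_disabled"] = False
    except PermissionError:
        out["refused_when_disabled"] = True
    gate.enabled = True                    # customer grants permission
    otp = expected_response(key, gate.new_challenge())
    out["first_use"] = gate.verify(otp)
    out["replay"] = gate.verify(otp)       # same pass phrase again
    gate.new_challenge()
    out["stale_otp_new_challenge"] = gate.verify(otp)
    return out


if __name__ == "__main__":
    print(demo())
```

The design choice that matters for the issue reported here is the `enabled` switch: without it, the scheme is only as strong as the secrecy of the key held by support.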

The blogger revealed that the flaw appears to be a company support backdoor left in the HP StoreVirtual SAN product family, which is based on the LeftHand operating system.

What is concerning is that the backdoors appear to date back to 2009; since then, HP users have confirmed the backdoor’s presence to media such as The Register, providing evidence of credentials that allow remote access to the storage devices. Another curious detail is that the password used for the undocumented administrative account doesn’t satisfy password complexity tests: it seems that the credentials do not use capital letters, numerals and symbols.

Technion identified two support forum posts that unequivocally demonstrate that lost admin passwords are resettable by HP.

“You will need to call support and they can get into the backend and reset it for you. 1-800-633-3600 ‘Lefthand Solutions’,” states one of the posts.

The other, posted by a LeftHand product manager in 2009, confirmed the possibility of a remote password reset: “Call support. They can reset the password remotely.”

The good news is that HP announced that “Root access to the LeftHand OS does not provide access to the user data being stored on the system”.

Although HP excludes data theft, it must be considered that an attacker could reboot nodes in a cluster, with serious repercussions. The following picture lists the HP devices containing the backdoor:

[Image: HP backdoor devices list]

In June 2013, SecurityWeek had already published news related to HP storage products. It described HP’s confirmation of what the company describes as a “potential security issue”, which followed the public disclosure that malicious hackers can use SSH access to perform a full remote compromise of HP’s StoreOnce backup systems. In a statement issued to SecurityWeek, an HP spokesperson said a fix is in the works.

“HP identified a potential security issue with older HP StoreOnce models. This does not impact StoreOnce systems with the current version 3.0 software, including the HP StoreOnce B6200 and HP StoreOnce VSA product offerings. HP takes security issues very seriously and is working actively on a fix. More information for customers will be made available within a few hours.”

An HP user on a support forum revealed that the vulnerability also allows the attacker to browse to “SMH » Security » Trusted Management Servers and import a certificate to trust another Systems Insight Manager box.”

Certificates are used to establish the trust relationship between Systems Insight Manager or Insight Manager 7 and the System Management Homepage.

This is not the first time that researchers have found a hardware backdoor for maintenance purposes in commercial products. HP, for example, was cited by various security experts in December 2010 for a similar hardcoded backdoor in its MSA2000 G3 modular storage array systems.

The practice of embedding hardcoded passwords is very risky because it exposes customers to attacks by hackers.

“organizations need to look at everything that has a microprocessor, memory or an application/process running – these all have similar embedded credentials that represent significant organizational vulnerabilities. This further proves that ‘faith based security’ – relying on vendors to provide systems with built-in robust security – is not a good practice,” said Shlomi Dinoor, Vice President emerging technologies at Cyber-Ark Software.

The security of any hardware is the result of the security of each component it includes; vendors have to consider this carefully.

Pierluigi Paganini

(Security Affairs – HP, backdoor)

