HP acknowledges the presence of a 'backdoor' in its storage products

Advertisement
By Anupam Saxena | Updated: 13 July 2013 14:51 IST
HP (Hewlett Packard) has admitted that its StoreVirtual storage area network (SAN) products contain a 'backdoor' that allows remote access via an administrative account.

This essentially means that anyone with an account username and password meant for backdoor access will be able to log into the systems and gain access to the operating system, which is a big security hole. These backdoors are actually meant for providing remote support to customers and replaced a hard-rest button which used to be present on the hardware to factory reset the systems. HP started including a different backdoor access account into LeftHand 9.0 the custom operating system used by HP's network storage appliance.

HP has promised to deliver a fix by July 19, The Register notes.

The vulnerability was discovered by Technion, a blogger who first brought it to public notice and to HP's notice through its forums and pointed out that these accounts have existed since 2009.

In a new communication bulletin, HP has admitted that its SAN devices have a vulnerability that could be remotely exploited to gain unauthorised access to the device. However, it has said that the backdoor entry does not offer access to the user data stored on the system.

Here's the full text of the communication:

A potential security vulnerability has been identified with the HP StoreVirtual Storage. This vulnerability could be remotely exploited to gain unauthorized access to the device.

All HP StoreVirtual Storage systems are equipped with a mechanism that allows HP support to access the underlying operating system if permission and access is provided by the customer. This functionality cannot be disabled today.

HP has acknowledged this vulnerability and will provide a patch that will allow customers to disable the support access mechanism on or before July 17, 2013.

HP StoreVirtual products are storage appliances that use a custom operating system, LeftHand OS, which is not accessible to the end user. Limited access is available to the user via the HP StoreVirtual Command-Line Interface (CLiQ) however root access is blocked.

Root access may be requested by HP Support in some cases to help customers resolve complex support issues. To facilitate these cases, a challenge-response-based one-time password utility is employed by HP Support to gain root access to systems when the customer has granted permission and network access to the system. The one-time password utility protects the root access to prevent repeated access to the system with the same pass phrase. Root access to the LeftHand OS does not provide access to the user data being stored on the system.
Post your comments

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: HP, HP SAN security vulnerability, HP StoreVirtual Storage systems, backdoors
The Arctic may soon get high-speed broadband
Bose founder and chairman Amar Bose dies at age 83
Advertisement

Related Stories

Best Gaming Laptops Under Rs. 80,000 in India: Lenovo LOQ 15, Acer ALG, HP Victus and More
6 December 2025
HP PCs Could Reportedly See Price Hike, Reduced Configurations Amid Global Memory Shortage
27 November 2025
Apple, Amazon, Meta Among US Tech Giants Opposing Jio, Vi’s 6GHz Band Allocation Demand: Report
24 November 2025
HP Gas Booking Numbers: How to Book LPG Cylinder Using Different Methods
19 November 2025
Best Gaming Laptops Under Rs 70,000 in India: MSI GF63 Thin, HP Victus 15, Acer Nitro 5, and More
11 November 2025
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Here's When the Realme 16 Pro Series Will Launch in India
  2. OTT Releases This Week: Thamma, Mrs Deshpande, Raat Akeli Hai The Bansal Murders, and More
  3. Google's Pixel Upgrade Program Lets You Get the Latest Model Every Year
  4. Sony's Year-End Holiday Sale on PS5 Accessories, Games Kicks Off Next Week
  5. Here's How Much The Redmi Note 15 5G Could Cost in India
  6. Dominic and The Ladies' Purse Streaming Now: Know Where to Watch It Online
  7. Oppo Reno 15 Pro, Reno 15 Pro Max Global Variants Surface on Geekbench
  8. Oppo Pad Air 5 Launch Date Announced: See Expected Features
  9. Netflix Is Bringing a New FIFA Game in Time for 2026 FIFA World Cup
  10. Samsung Announces Exynos 2600 as World's First 2nm Chipset
#Latest Stories
  1. New FIFA Game to Launch on Netflix Games in Time for FIFA World Cup Next Year
  2. WhatsApp GhostPairing Scam Reportedly Lets Hackers Take Over Accounts Without Authentication
  3. Honor Magic V6 Tipped to Launch With 7,200mAh Dual-Cell Battery, Snapdragon 8 Elite Gen 5 SoC
  4. YouTube Bans Popular Indian Channel for Making Misleading AI-Generated Movie Trailers
  5. OpenAI Updates AI Guidelines to Prioritise Teen Safety Over Other Goals
  6. Dominic and The Ladies Purse Out on OTT: Know Everything About Streaming, Plot, Cast, and More
  7. Sony Announces Year-End Holiday Sale in India on PS5 Accessories, Games
  8. Xiaomi 17 Ultra Battery, Charging Specifications and Colourways Tipped Ahead of Launch
  9. Redmi Note 15 5G Price in India, Storage Configurations Tipped Ahead of January 6 Launch
  10. Little Hearts Streaming Now on Netflix: Know Everything About Plot, Cast, and More
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.