New backdoor in HP server products

Computer manufacturer HP has admitted that its StoreVirtual servers also contain an undocumented backdoor. The security vulnerability risks allowing attackers to gain unauthorised access to the storage systems. The backdoor provides users with direct access to the holy of holies, "LeftHand" (the operating system for the StoreVirtual server). HP has previously marketed its StoreVirtual systems as LeftHand Storage and P4000 SAN. LeftHand OS was originally called SAN/iQ.

http://www.h-online.com/security/news/item/New-backdoor-in-HP-server-products-1916506.html
New backdoor in HP server products
In a security advisory, HP stresses that, although the backdoor provides root access to the server, it does not provide access to the user data stored on the server system. HP is planning to provide a patch to permanently deactivate the backdoor by 17 July.




Tags: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)