Backdoor in HP MSA P2000 G3
While searching for information on monitoring the said shelf with Zabbix tools, I accidentally stumbled upon an interesting post dated 2010. As it is stated there, in this shelf there is a hidden admin account with the default password “! Admin”, which has full rights, similar to the manage account. I entered these credentials on the authorization page of the web interface of one of our shelves, which has the latest firmware updates, and successfully logged in with manage rights.
Since accounting is not visible from the web interface, you can only change the password through the CLI:
As for the official documentation, this account is mentioned only once in the CLI Reference Guide : "Without any explanation."
Since accounting is not visible from the web interface, you can only change the password through the CLI:
# set password admin
Enter new password: *****************************
Re-enter new password: *****************************
Success: Command completed successfully. (admin) - The password was changed.
As for the official documentation, this account is mentioned only once in the CLI Reference Guide : "Without any explanation."
')
Source: https://habr.com/ru/post/204532/
All Articles