CVE-2013-2352

Name of the Vulnerable Software and Affected Versions HP StoreVirtual Storage devices running LeftHand OS (aka SAN iQ) versions 10.5 and earlier

Description The issue is related to the lack of a mechanism for disabling the HP Support challenge-response root-login feature. This makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password.

Recommendations For versions 10.5 and earlier, consider disabling the root-login feature or restricting access to the HP Support challenge-response mechanism until a fix is available.