PT-2013-3688 · Hewlett Packard · LeftHand OS
Published: 2013-07-10 · Updated: 2019-10-09 · CVE-2013-2352
CVSS v2.0: 9.4 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:C
Name of the Vulnerable Software and Affected Versions
HP StoreVirtual Storage devices running LeftHand OS (aka SAN iQ) versions 10.5 and earlier
Description
LeftHand OS lacks a mechanism for disabling the HP Support challenge-response root-login feature. This makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password.
Recommendations
For versions 10.5 and earlier, consider disabling the root-login feature or restricting access to the HP Support challenge-response mechanism until a fix is available.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
LeftHand OS