

HP D2D / StorOnce Storage unit backdoors - jfriedly
http://www.lolware.net/hpstorage.html

======
sp332
Some discussion from a few days ago:
[https://news.ycombinator.com/item?id=6024033](https://news.ycombinator.com/item?id=6024033)

HP's security bulletin:
[https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/pu...](https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-
navigationalState%3DdocId%253Demr_na-c03825537-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken)

 _HP StoreVirtual products are storage appliances that use a custom operating
system, LeftHand OS, which is not accessible to the end user. Limited access
is available to the user via the HP StoreVirtual Command-Line Interface (CLiQ)
however root access is blocked._ However any privilege-escalation attacks
would probably work.

------
ianhawes
The SHA-1 plaintext is badg3r5

------
jfriedly
The password can be easily found by googling the SHA1 hash.

~~~
DanBC
And if no-one had posted the password it's easy enough to use any of the
online "hash crackers" to get the password.

