On Mon, 13 Dec 2010 hpdisclosure@xxxxxxxxxxx wrote: > i just found out that there is a hidden user on every HP MSA2000 G3 > SAN out there: > > username: admin > password: !admin Confirmed on P2000 G3 (fw L100R013). (Please, HP, is it really necessary to give us *so many* different reasons to hate you?!) > this user doesnt show up in the user manager, and the password > cannot be changed - looks like the perfect backdoor for everybody. The user was invisible but I was able to change its password in CLI with "set password admin password ..." (the change was effective, the old password was not valid any longer). -- Pavel Kankovsky aka Peak / Jeremiah 9:21 \ "For death is come up into our MS Windows(tm)..." \ 21st century edition /
