Vulnerability Note VU#515283
Seagate BlackArmor device static administrator password reset vulnerability
The Seagate BlackArmor network attached storage device contains a static administrator password reset vulnerability.
The Seagate BlackArmor network attached storage device contains a static PHP file used to reset the administrator password. A remote unauthenticated attacker with access to the device's management web server can directly access the web page http://DevicesIpAddress/d41d8cd98f00b204e9800998ecf8427e.php and reset the administrator password.
A remote unauthenticated attacker may be able to reset the administrator password of the device.
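One way to check web access logs for requests to the reset page described above, as an added example that is not part of the original note or any vendor tooling. It assumes a reverse proxy or web gateway in front of the device writes Common/Combined Log Format lines; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Path of the reset page named in the note; compared after normalization.
RESET_PAGE = "/d41d8cd98f00b204e9800998ecf8427e.php"

# Common/Combined Log Format: src ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def normalize_path(target):
    """Reduce a request target to a comparable path: drop the query string and
    any scheme/host, percent-decode, collapse repeated slashes, lowercase.
    Matching is deliberately broad so that variant spellings are still flagged."""
    path = target.split("?", 1)[0]
    if "://" in path:  # absolute-form target, as logged by a forward proxy
        path = "/" + path.split("://", 1)[1].partition("/")[2]
    return re.sub(r"/{2,}", "/", unquote(path)).lower()

def find_reset_page_hits(lines):
    """Return one dict per log line that requested the reset page."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and normalize_path(m["target"]) == RESET_PAGE:
            hits.append({"src": m["src"], "time": m["ts"],
                         "status": int(m["status"]),
                         # 2xx: the page was served, so review the admin account
                         "served": m["status"].startswith("2")})
    return hits

# Constructed sample lines (documentation address ranges), not from a real device.
SAMPLE_LOG = [
    '198.51.100.7 - - [23/May/2012:10:15:02 +0000] "GET /d41d8cd98f00b204e9800998ecf8427e.php HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [23/May/2012:10:15:09 +0000] "GET /d41d8cd98f00b204e9800998ecf8427e.php?x=1 HTTP/1.1" 200 498 "-" "-"',
    '203.0.113.44 - - [23/May/2012:11:02:40 +0000] "GET //D41D8CD98F00B204E9800998ECF8427E%2Ephp HTTP/1.1" 404 0 "-" "-"',
    '192.0.2.25 - - [23/May/2012:11:30:00 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_reset_page_hits(SAMPLE_LOG):
        print(hit)
```

Any hit marked `served` from a source that is not a known administrator is a reason to verify the administrator password and apply the updated firmware.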
The vendor has stated that updated firmware has been released that addresses this vulnerability. Updated firmware for 1-, 2- and 4-bay Seagate BlackArmor devices can be found under the "Downloads" tab on the vendor's support website.
Restrict network access
Vendor Information
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Seagate Technology LLC|Affected|07 Mar 2012|17 Jul 2012|
Thanks to Jason Ellison for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2012-2568
- Date Public: 23 May 2012
- Date First Published: 23 May 2012
- Date Last Updated: 18 Jul 2012
- Document Revision: 29