Default Password (badg3r5) for 'HPSupport' Account

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote system can be accessed with a default account.

Description :

The account 'HPSupport' on the remote host has the password 'badg3r5'.

An attacker may leverage this issue to gain administrative access to the
affected system.

Note that HP StoreOnce D2D Backup systems running software version
2.2.17 / 1.2.17 or older are known to have an account that uses these
credentials.

See also :

http://www.lolware.net/hpstorage.html
http://www.nessus.org/u?0eeaeffa

Solution :

If the device is an HP StoreOnce D2D Backup system, upgrade to software
version 2.2.18 / 1.2.18 or later.

Otherwise, set a strong password for this account or use ACLs to
restrict access to the host.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Default Unix Accounts

Nessus Plugin ID: 67005

Bugtraq ID: 60819

CVE ID: CVE-2013-2342