A security vulnerability was recently uncovered in Seagate’s BlackArmor Network Attached Storage (NAS) solutions, which could allow a remote attacker to reset the device’s administrator password.
“The BlackArmor range of network-attached storage devices is aimed at small businesses and offers storage and backup options from Windows PCs and Mac OS X systems, ranging from 1TB to 12TB of hard disk media,” The H Security reports.
“The Seagate BlackArmor network attached storage device contain a static php file used to reset the administrator password,” reports US-CERT’s Michael Orlando. “A remote unauthenticated attacker with access to the device’s management web server can directly access the webpage, http://DevicesIpAddress/d41d8cd98f00b204e9800998ecf8427e.php and reset the administrator password.”
“Seagate has been notified, but no fix has yet been made available,” Voice Of Grey Hat reports. “Also, there is no current solution to the problem and US-CERT are only advising that network access to BlackArmor devices’ web interface should be restricted.”