In association with heise online

28 May 2012, 14:49

Critical hole in Seagate BlackArmor NAS


Seagate BlackArmor NAS 440
Source: Seagate
Seagate's BlackArmor NAS server is vulnerable to having its administrative password reset by anyone with access to it and a particular URL. The BlackArmor range of network-attached storage devices is aimed at small businesses and offers storage and backup options for Windows PCs and Mac OS X systems, ranging from 1TB to 12TB of hard disk media.

The problem, documented by US-CERT, involves an unauthenticated attacker directly accessing http://DevicesIpAddress/d41d8cd98f00b204e9800998ecf8427e.php where they will be given the opportunity to reset the device's administrator password. There is no current solution to the problem and US-CERT are only advising that network access to BlackArmor devices' web interface should be restricted. Seagate has been notified, but no fix has yet been made available; the Seagate NAS Firmware update page was last updated on 17 February 2011.
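
To check whether the access restriction is holding, requests for the reset page can be looked for in the logs of whatever gateway or reverse proxy sits in front of the NAS. The following is an added example, not code from the article, US-CERT or Seagate; it assumes Common Log Format logs, a hypothetical admin subnet of 192.168.10.0/28, and case-insensitive path matching, and its log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Path of the password-reset page named in the article.
RESET_PAGE = "/d41d8cd98f00b204e9800998ecf8427e.php"
# Assumption: the only subnet that should ever reach the NAS web interface.
ADMIN_NETS = [ipaddress.ip_network("192.168.10.0/28")]
# Common Log Format: client ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def normalise(target):
    """Return the decoded, lower-cased path of a request target."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    if "://" in path:                      # absolute-form target sent via a proxy
        path = urlsplit(path).path
    path = unquote(unquote(path))          # undo single and double percent-encoding
    return re.sub(r"/+", "/", path).lower()

def find_reset_requests(lines):
    """Return (time, client, method, status, trusted) per request for the reset page."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue                       # not a CLF line, ignore it
        client, when, method, target, status = m.groups()
        if normalise(target) != RESET_PAGE:
            continue
        try:
            addr = ipaddress.ip_address(client)
            trusted = any(addr in net for net in ADMIN_NETS)
        except ValueError:
            trusted = False                # hostname or junk in the client field
        hits.append((when, client, method, int(status), trusted))
    return hits

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.168.10.5 - - [28/May/2012:09:12:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [28/May/2012:09:15:44 +0000] "GET /d41d8cd98f00b204e9800998ecf8427e.php HTTP/1.1" 200 2310',
    '198.51.100.23 - - [28/May/2012:09:16:02 +0000] "POST /D41D8CD98F00B204E9800998ECF8427E.PHP?x=1 HTTP/1.1" 403 512',
    '192.168.10.5 - - [28/May/2012:09:20:10 +0000] "GET /%6441d8cd98f00b204e9800998ecf8427e.php HTTP/1.1" 200 2310',
    'garbled line that is not in Common Log Format',
]

if __name__ == "__main__":
    for when, client, method, status, trusted in find_reset_requests(SAMPLE_LOG):
        label = "admin subnet" if trusted else "OUTSIDE admin subnet"
        print(f"{when} {client} {method} -> {status} ({label})")
```

A request from outside the admin subnet that returns 200 means the restriction is not in effect for that path; one from inside it is still worth confirming with the administrator, since the page resets the password for whoever reaches it.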

