Critical hole in Seagate BlackArmor NAS
Seagate BlackArmor NAS 440
Source: Seagate
Seagate's BlackArmor NAS server is vulnerable to having its administrative password reset by anyone with access to it and a particular URL. The BlackArmor range of network-attached storage devices is aimed at small businesses and offers storage and backup options from Windows PCs and Mac OS X systems, ranging from 1TB to 12TB of hard disk media.
The problem, documented by US-CERT, involves an unauthenticated attacked directly accessing http://DevicesIpAddress/d41d8cd98f00b204e9800998ecf8427e.php where they will be given the opportunity to reset the device's administrator password. There is no current solution to the problem and US-CERT are only advising that network access to BlackArmor devices' web interface should be restricted. Seagate has been notified, but no fix has yet been made available; the Seagate NAS Firmware update page was last updated on 17 February 2011.
(djwm)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
