Critical hole in Seagate BlackArmor NAS
Source: Seagate
Seagate's BlackArmor NAS server is vulnerable to having its administrative password reset by anyone with access to it and a particular URL. The BlackArmor range of network-attached storage devices is aimed at small businesses and offers storage and backup options from Windows PCs and Mac OS X systems, ranging from 1TB to 12TB of hard disk media.
The problem, documented by US-CERT, involves an unauthenticated attacker directly accessing http://DevicesIpAddress/d41d8cd98f00b204e9800998ecf8427e.php
where they will be given the opportunity to reset the device's administrator password. There is no current solution to the problem and US-CERT are only advising that network access to BlackArmor devices' web interface should be restricted. Seagate has been notified, but no fix has yet been made available; the Seagate NAS Firmware update page was last updated on 17 February 2011.
(djwm)
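As an added example (not part of the original article and not US-CERT or Seagate code), the following checks access logs for requests to the reset page named above and marks those that come from outside the management network. The Common Log Format input, the `ADMIN_NETS` range and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Path of the password-reset page named in the article.
RESET_PATH = "/d41d8cd98f00b204e9800998ecf8427e.php"
# Assumption: the only hosts that should reach the NAS web interface.
ADMIN_NETS = [ipaddress.ip_network("10.0.5.0/28")]
# Assumption: Common Log Format lines from a proxy or gateway in front of the NAS.
CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def normalise(target):
    """Reduce a request target to a lower-case path for comparison."""
    target = re.sub(r"^[a-zA-Z][a-zA-Z0-9+.-]*://[^/]*", "", target)  # absolute-form URL
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/+", "/", path).lower()

def is_admin(src):
    """True only if src parses as an IP inside one of ADMIN_NETS."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in ADMIN_NETS)

def find_reset_requests(lines):
    """Return one record per logged request to the reset page."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if m and normalise(m["target"]) == RESET_PATH:
            hits.append({"src": m["src"], "ts": m["ts"], "method": m["method"],
                         "status": int(m["status"]), "allowed": is_admin(m["src"])})
    return hits

# Constructed sample log lines, not taken from a real device.
SAMPLE_LOG = [
    '10.0.5.3 - - [01/Mar/2012:09:12:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '192.168.1.77 - - [01/Mar/2012:09:14:44 +0000] "GET /d41d8cd98f00b204e9800998ecf8427e.php HTTP/1.1" 200 2310',
    '10.0.5.3 - - [01/Mar/2012:09:20:10 +0000] "POST /d41d8cd98f00b204e9800998ecf8427e.php HTTP/1.1" 200 812',
    '203.0.113.9 - - [01/Mar/2012:09:31:02 +0000] "GET //D41D8CD98F00B204E9800998ECF8427E.php?x=1 HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in find_reset_requests(SAMPLE_LOG):
        label = "admin network" if hit["allowed"] else "OUTSIDE admin network"
        print(f'{hit["ts"]} {hit["src"]} {hit["method"]} -> {hit["status"]} ({label})')
```

Any hit from outside the management range is worth following up with a check of the device's administrator account, since the article states that no firmware fix is available.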