FYI: If you're running HP Device Manager, anyone on your network can get admin on your server via backdoor

Wednesday 30th September 2020 09:10 GMT Anonymous South African Coward

HP = Hoi Polloi, Hire Purchase, Hickey Puters....

3 0 Reply
Wednesday 30th September 2020 09:16 GMT Tom Chiverton 1

As SYSTEM

So, Linux boxes fine then?

0 3 Reply
Wednesday 30th September 2020 09:21 GMT Chairman of the Bored

Have a pint

How many of us (myself specifically included) would have blown right past the log entry? Nicely done, sir.

9 0 Reply
1. Wednesday 30th September 2020 23:54 GMT NickstaDB
  
  Re: Have a pint
  
  I probably wouldn't have spotted the log either TBH! I spotted the user in the database first, then searched the app and files for references to it which led me to the log.
  
  3 0 Reply
Wednesday 30th September 2020 09:25 GMT Why Not?

Oh dear

Admin users with default weak passwords where have I heard that before?

Oh yes even senators understand that is bad, come on HP.

7 0 Reply
Wednesday 30th September 2020 09:50 GMT Andy The Hat

Those damn Chinese state-enforced back doors discovered again ... What? You sure it's not Chinese?

11 0 Reply
Wednesday 30th September 2020 11:52 GMT Oh Matron!

Dare I say...

All your (data)base are belong to su...

10 0 Reply
Wednesday 30th September 2020 13:36 GMT A random security guy

Shouldn't we mandate the removal of username/passwords for databases?

The question is, where is the password kept? The hacker is probably more interested in finding out which script or file the password is stored in.

0 3 Reply
Wednesday 30th September 2020 15:28 GMT mark jacobs

How can you tell if you're affected?

How do you know if a PC is running HP Device Manager?

2 0 Reply
Wednesday 30th September 2020 17:07 GMT Bold Sir Robin

I'll give them 1 out of 10

...for setting the password to one space, rather than 123456...

1 0 Reply
1. Wednesday 30th September 2020 20:46 GMT Mage
  
  Re: I'll give them 1 out of 10
  
  Or letmein, the default on Sage Line 50 that people rarely changed.
  
  How hard is to have a 1st use screen where it explains about the address book kept in the safe that's used for passwords and prompts for a new password and then run a cracking tool rather than just count the number and types of characters?
  
  Oh, and keep an off site copy securely too.
  
  One company I know used a spreadsheet saved in Office 365 for ALL the company passwords!
  
  Paper is more secure and can be more easily secured.
  
  3 0 Reply
2. Wednesday 30th September 2020 23:54 GMT NickstaDB
  
  Re: I'll give them 1 out of 10
  
  Haha, oh that was a painful discovery. I ran a 1-8 character alphanumeric bruteforce attack on the password hash, then several dictionary and rule combinations before cracking that password.
  
  2 0 Reply
Wednesday 30th September 2020 17:24 GMT Mage

One solution

Don't install HP drivers or software? I'm wary after the driver that LATER disabled working 3rd party toner cartridges.

I remember when HP was really good. I think sometime before they bought Compaq and realised how much money ink could make. And they did real test gear in those days too.

What does this HP Device Manager actually do?

6 0 Reply
1. Saturday 3rd October 2020 00:55 GMT Anonymous Coward
  
  Re: One solution
  
  "What does this HP Device Manager actually do?"
  
  From the HP link in the article:
  
  "Make it easy for your IT admins to remotely deploy, update, and manage thousands of HP Thin Clients from anywhere1 through a single console with HP Device Manager, a tool included with HP Thin Clients at no extra cost."
  
  0 0 Reply
Wednesday 30th September 2020 20:48 GMT Lorribot

Developers, gotta love them.

I love developers, they are such unrestrained crazy people who make me laugh so much with their out there ideas on security and I admire their attitude to get things done to deliver the project on time no matter what.

0 0 Reply
Thursday 1st October 2020 19:34 GMT Anonymous Coward

The difficulty with the suggested fix

Is in accessing port 40006 ¼.

1 0 Reply