December 2, 2013 at 15:59Backdoor on HP MSA P2000 G3
While searching for information on monitoring the aforementioned shelf using Zabbix tools, I accidentally stumbled upon an interesting post dated 2010. As stated there, in this shelf there is a hidden admin account with the default password “! Admin”, which has full rights similar to the manage account . I entered these credentials on the authorization page of the web interface of one of our shelves, which has current firmware updates, and successfully logged in with manage privileges.
Since the account is not visible from the web interface, you can only change the password through the CLI:
As for the official documentation, this account is mentioned only once in the CLI Reference Guide : “The user name admin is reserved for internal use” - without any explanation.
Since the account is not visible from the web interface, you can only change the password through the CLI:
# set password admin
Enter new password: ******************************
Re-enter new password: ******** *********************
Success: Command completed successfully. (admin) - The password was changed.
As for the official documentation, this account is mentioned only once in the CLI Reference Guide : “The user name admin is reserved for internal use” - without any explanation.