HP said Wednesday it’s “working actively on a fix” for a security hole in one of its enterprise storage systems that hackers could use to have a field day with corporate data. The hole affects HP’s StoreOnce systems, which are expensive and hold tons of data.
One model, the StoreOnce 4210, is currently listed for $28,271.99 on CDW, an HP reseller.
HP’s confirmation comes after an anonymous security researcher publicly disclosed details on how to take advantage of the flaw.
In an undated blog post, the researcher posted a username, and details on figuring out a password, which make it possible to log into a vulnerable StoreOnce system over the Internet.
The researcher claims they told HP about the StoreOnce issue, but HP has ignored their requests for an update for the past three weeks.
So, the researcher decided to go public with details about the flaw.
HP didn’t respond when we asked if the researcher’s version of events is accurate.
But if it’s true, it would be ironic.
That’s because HP is in charge of an industry group called the Zero Day Initiative, which pays security researchers cash bounties for submitting flaws that vendors aren’t aware of—and have had “zero days” to fix.
The goal of the program is to stop “zero day attacks,” or ones that take advantage of flaws like the one HP is now scrambling to fix.
An HP spokesperson told Ryan Naraine of SecurityWeek the flaw only affects older HP StoreOnce models. Still, this is a potentially serious flaw and HP will likely be releasing a fix for it very soon.
“HP takes security issues very seriously and is working actively on a fix. More information for customers will be made available within a few hours,” HP said in a statement to SecurityWeek.