Administrative Password Reset Vulnerability Found in Seagate BlackArmor NAS
Security experts have revealed that the Seagate BlackArmor network attached storage device (NAS server) contains a static administrator password reset vulnerability by anyone with access to it and a particular URL. The BlackArmor range of network-attached storage devices is aimed at small businesses and offers storage and backup options from Windows PCs and Mac OS X systems, ranging from 1TB to 12TB of hard disk media. According to an exclusive report of US-CERT A remote unauthenticated attacker with access to the device's management web server can directly access the webpage, http://DevicesIpAddress/d41d8cd98f00b204e9800998ecf8427e.php and reset the administrator password.
Seagate has been notified, but no fix has yet been made available. Also there is no current solution to the problem and US-CERT are only advising that network access to BlackArmor devices' web interface should be restricted. For additional information click here.