Posted by Karn Ganeshen on Jun 16

*HP StoreEver MSL6480 Tape Library v4.10 – Multiple Vulnerabilities*

*Confirmed on firmware version 4.10*

*HPE PSRT response*: Upgrade to MSL6480 is 4.90 (current version)

*Weak Credentials Management*

The device comes with weak, default login credentials – security/security –
and the application does not enforce a mandatory, password change from
default to strong password values.

*Access Control Issues*

An unauthenticated user can download…