WTF Asustor? Should I be worried?

Moderator: Lillian.W@AST

Post Reply
chazzz
Posts: 6
youtube meble na wymiar Warszawa
Joined: Sat Feb 08, 2014 3:51 pm

WTF Asustor? Should I be worried?

Post by chazzz »

NAS: AS-202TE
ADM version: 3.0.5.RDU1

First time seeing a successful unauthorized login. I then tried it myself and it worked, using "nvradmin" as both user name and password. From the looks of it you can't do much with the unauthorized login because no file access rights were given. But I'm no IT expert so should I be worried? Is there anything I can do within the NAS setting to prevent this from happening again?
IMG_7368.JPG
IMG_7368.JPG (109.53 KiB) Viewed 4231 times
nvradmin.png
nvradmin.png (515.57 KiB) Viewed 4231 times
Top
User avatar
mafredri
Posts: 371
Joined: Sat Mar 22, 2014 8:41 am

Re: WTF Asustor? Should I be worried?

Post by mafredri »

Oh wow, that definitely falls under the not cool category.

You can log in to the NAS via SSH (e.g. Putty, use root@nas) and type in the following command:

Code: Select all

passwd -l nvradmin
-l is for lock and will prevent logins for the account.
Hi, I'm new here. Looking to be active in the community and help with development :).
Storage: AS-604T with 3GB RAM (Kingston KVR1333D3S8S9/2G)
Top
MonsMagnus
Posts: 74
Joined: Sat Mar 11, 2017 2:17 am

Re: WTF Asustor? Should I be worried?

Post by MonsMagnus »

WOW!! I just checked this on my AS6202T and it works there as well. I agree that while this user doesn't appear to have any privileges, a hidden user account that I knew nothing about is NOT COOL. Asustor needs to secure this ASAP. I will be filing a service ticket on this as well.
Top
Post Reply

Return to “[Official] For AS-20X Series”