NAS: AS-202TE
ADM version: 3.0.5.RDU1
First time seeing a successful unauthorized login. I then tried it myself and it worked, using "nvradmin" as both user name and password. From the looks of it you can't do much with the unauthorized login because no file access rights were given. But I'm no IT expert so should I be worried? Is there anything I can do within the NAS setting to prevent this from happening again?
WTF Asustor? Should I be worried?
-
- Posts: 6
- youtube meble na wymiar Warszawa
- Joined: Sat Feb 08, 2014 3:51 pm
- mafredri
- Posts: 371
- Joined: Sat Mar 22, 2014 8:41 am
Re: WTF Asustor? Should I be worried?
Oh wow, that definitely falls under the not cool category.
You can log in to the NAS via SSH (e.g. Putty, use root@nas) and type in the following command:
-l is for lock and will prevent logins for the account.
You can log in to the NAS via SSH (e.g. Putty, use root@nas) and type in the following command:
Code: Select all
passwd -l nvradmin
Hi, I'm new here. Looking to be active in the community and help with development .
Storage: AS-604T with 3GB RAM (Kingston KVR1333D3S8S9/2G)
Storage: AS-604T with 3GB RAM (Kingston KVR1333D3S8S9/2G)
-
- Posts: 74
- Joined: Sat Mar 11, 2017 2:17 am
Re: WTF Asustor? Should I be worried?
WOW!! I just checked this on my AS6202T and it works there as well. I agree that while this user doesn't appear to have any privileges, a hidden user account that I knew nothing about is NOT COOL. Asustor needs to secure this ASAP. I will be filing a service ticket on this as well.