DL2100 security issues after resetting the system

My Cloud OS 3 Network Attached Storage My Cloud DL Series
#1

i had to do a System only -reset because of software error in NAS. (DL2100 drive is empty!) and before that “the needle reset” by pressing the reset button behind in the NAS.

i have encrypted the drive and found it abit peculiar that i can reset the admin password and then access to any files and folders in NAS.

This means that if anybody hijacks the device, he can just reset it and encryption means really nothing. Just slowing the device… Am i missing something or is there a huge security issue in WD software? Shouldnt it atleast ask the previous admin/user passwords to access the shares?

Now it let to reset admin password and then admin can change user paswords and hence access to any shares…

#2

Hi, welcome to the community.

I believe that you are talking about the password for each shares, that is not really encryption, that is just password protecting the shares in order for other people not have access to a particular share within the same network.

There is an option on the DL that allows you to encrypt the entire volume, meaning that everything on the volume is encrypted. This type of encryption will not reset after a simple “needle reset”. Take a look at the page 59 of the user manual, on step 13 tells you on how to encrypt the volume. Link to user manual.

#3

like i said earlier, i encrypted the whole volume when i set up the nas. atleast i chose that option and it was only possible to do that at the beginning before starting to use the drive (or the files are erased if you do that later). how do i check if the drive is encrypted or not? i cant find a place to check it from the dashboard.

then yesterday the system software was corrupted and i had to reset it. when you reset it, it resets also the admin password: http://support.wdc.com/KnowledgeBase/answer.aspx?ID=10432

when you have resetted the admin password, you can choose your own. when you have the admin password you can access any files on the nas. atleast i can. so, if anyone take the nas with him, he can easily reset it and get access to all files.

what am i missing here and done wrong?

there are three shares for users, each have their own user names and passwords. as an admin i can access those files (and change their passwords). but the real problem here is that i can access on every files on the nas.

to me it looks like it is encrypted (atleast it asking me to give the password if i want to change something):

#4

The link to to the user manual is not working. :wink:

#5

it only says 13. if you want to encrypt the volume, choose the option “Secure Volume” and hit the Next button.

i did that and i think the volume is encrypted (see the pic above).

#6

Ok, i started it all over.

Configuration when setting it up:
raid1
Encryption

  • set the password
  • selected Automount (because the nas has a power schedule)
    (this is exactly the same what i did earlier too)

and the result look like this:


Results:
The drive is fully operational when it has rebooted.

Security issue:
As an admin i can access all shares and see every files on the nas. if i hijack the nas, i can reset the admin password and get access to all files.

what is the idea of using volume encryption then?
am i doing something wrong or has there a security issue in the wd software?

1 Like
Forums | News and Announcements | Register | Help | Forum Guidelines
Copyright © 2001 - 2018 Western Digital Technologies, Inc. All rights reserved. | Trademarks | Privacy | Community Terms of Service | Site Terms of Use | Copyright | Contact WD