You Can Bypass Authentication on HPE iLO4 Servers With 29 "A" Characters

Found on Bleeping Computer on Sunday, 08 July 2018

The vulnerability is an authentication bypass that allows attackers access to HP iLO consoles. Researchers say this access can later be used to extract cleartext passwords, execute malicious code, and even replace iLO firmware.

Because of its simplicity and remote exploitation factor, the vulnerability —tracked as CVE-2017-12542— has received a severity score of 9.8 out of 10.

That's one pretty exploit. Simple and easy.

Browse all articles« Previous « » Next »