Stupid-simple exploit found in HP iLO4 servers

Last year, a trio of security researchers discovered a vulnerability in HP iLO4 (the Integrated Lights-Out management controller built into HP servers), which they say can be exploited remotely over an Internet connection, putting every iLO4 interface exposed online at risk.

The vulnerability is an authentication bypass that gives attackers access to the HP iLO console without valid credentials. The researchers say this access can then be used to extract cleartext passwords, execute malicious code, and even replace the iLO firmware.

But besides being a remotely exploitable flaw, this vulnerability is also about as easy as it gets to exploit: a single cURL request whose Connection header is set to 29 letter "A" characters. The header is shown below; the address of the target iLO and the resource requested from it are placeholders, since the original snippet omits them:

curl -H "Connection: AAAAAAAAAAAAAAAAAAAAAAAAAAAAA" http://<ilo-address>/<requested-resource>

The researchers published two GIFs showing how easy it is to bypass iLO authentication with their method, and how they were able to retrieve a local user's password in cleartext.

Vulnerability patched last year

But iLO server owners don't need to panic. The research team discovered this vulnerability back in February 2017 and notified HP with the help of the CERT division at Airbus.

HP released the fix for CVE-2017-12542 in August last year, in iLO 4 firmware version 2.54. System administrators who are in the habit of regularly patching their servers have most likely been protected against this bug for months; anyone running iLO 4 firmware older than 2.54 on a management interface reachable from untrusted networks is still exposed.
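The two practical questions this article raises are "is this iLO affected?" and "is anyone sending that header at me?". The following Python helpers, an added example that is not code from the article or from the researchers, answer both offline. They assume that iLO answers an unauthenticated GET to /xmldata?item=all with an XML document whose <MP><FWRI> element carries the firmware version (the sample reply here is constructed by hand, not a capture), and they use a constructed tab-separated request log, not any real iLO log format. The version comparison follows the article's fix threshold of iLO 4 firmware 2.54; the Connection-header check is a heuristic that flags any value that is not a short list of the usual tokens.

```python
import re
import xml.etree.ElementTree as ET

FIXED_VERSION = (2, 54)   # iLO 4 firmware 2.54, the August 2017 fix named in the article
PAYLOAD_LEN = 29          # 29 "A" characters in the Connection header, per the article
# Values a legitimate Connection header is made of; anything else is worth a look.
KNOWN_CONNECTION_TOKENS = {"close", "keep-alive", "upgrade", "te", "http2-settings"}


def parse_version(text):
    """'2.53' -> (2, 53). Tuples compare numerically; raw strings do not ('2.10' < '2.9')."""
    m = re.search(r"(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no version number in %r" % text)
    return int(m.group(1)), int(m.group(2))


def sample_xmldata(product, firmware):
    """Constructed stand-in for an iLO /xmldata?item=all reply (assumed layout, not a capture)."""
    return (
        '<?xml version="1.0"?>'
        "<RIMP><HSI><SPN>ProLiant DL380 Gen9</SPN></HSI>"
        "<MP><ST>1</ST><PN>%s</PN><FWRI>%s</FWRI><HWRI>ASIC: 16</HWRI></MP></RIMP>"
        % (product, firmware)
    )


def firmware_info(xmldata):
    """Return (product name, version tuple) from the assumed /xmldata?item=all layout."""
    root = ET.fromstring(xmldata)
    mp = root.find("MP")
    if mp is None:
        raise ValueError("no <MP> element in reply")
    return mp.findtext("PN", ""), parse_version(mp.findtext("FWRI", ""))


def is_vulnerable(xmldata):
    """True only for iLO 4 firmware older than 2.54; other iLO generations are out of scope."""
    product, version = firmware_info(xmldata)
    return "iLO 4" in product and version < FIXED_VERSION


def bypass_headers():
    """The request header the researchers used: a Connection value of 29 'A' characters."""
    return {"Connection": "A" * PAYLOAD_LEN}


def is_suspicious_connection(value):
    """Heuristic: flag a Connection header that is long or not built from known tokens."""
    tokens = [t.strip().lower() for t in value.split(",")]
    return len(value) >= PAYLOAD_LEN or any(t not in KNOWN_CONNECTION_TOKENS for t in tokens)


def scan_log(lines):
    """Constructed log format: ip<TAB>method<TAB>path<TAB>status<TAB>Connection header value."""
    hits = []
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 5:
            continue  # malformed line, skip rather than crash the sweep
        ip, method, path, status, conn = parts
        if is_suspicious_connection(conn):
            hits.append((ip, path, conn))
    return hits


# Constructed sample log: two normal requests and one carrying the 29-"A" header.
SAMPLE_LOG = [
    "192.0.2.10\tGET\t/json/login_session\t200\tkeep-alive",
    "192.0.2.11\tGET\t/rest/v1/Systems/1\t401\tclose",
    "203.0.113.7\tGET\t/rest/v1/AccountService/Accounts\t200\t" + "A" * PAYLOAD_LEN,
]

if __name__ == "__main__":
    old = sample_xmldata("Integrated Lights-Out 4 (iLO 4)", "2.53")
    new = sample_xmldata("Integrated Lights-Out 4 (iLO 4)", "2.54")
    print("2.53 vulnerable:", is_vulnerable(old))
    print("2.54 vulnerable:", is_vulnerable(new))
    for ip, path, conn in scan_log(SAMPLE_LOG):
        print("suspicious Connection header from %s on %s: %r" % (ip, path, conn))
```

The version check compares numeric tuples on purpose: a string comparison would rank "2.10" below "2.9" and misreport patched hosts. The log heuristic will also flag other malformed Connection headers, which is acceptable for a management interface that should only ever see a handful of well-known clients.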

Source: You Can Bypass Authentication on HPE iLO4 Servers With 29 "A" Characters