Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   HPE integrated Lights Out (iLO) Vendors:   HPE
HP integrated Lights Out (iLO) IPMI Protocol Flaw Lets Remote Users Obtain Hashed Passwords
SecurityTracker Alert ID:  1029981
SecurityTracker URL:
CVE Reference:   CVE-2013-4786   (Links to External Site)
Date:  Apr 1 2014
Impact:   Disclosure of authentication information
Vendor Confirmed:  Yes  
Version(s): 2, 3, 4
Description:   A vulnerability was reported in HP integrated Lights Out (iLO). A remote user can gain obtain hashed passwords.

A remote user can invoke the IPMI 2.0 protocol to obtain the target user's salted SHA1 or MD5 hash.

The vulnerability resides in the protocol design and is mandated by the IPMI 2.0 specification.

The vendor has assigned SSRT101367 to this vulnerability.

Impact:   A remote user can gain obtain hashed passwords.
Solution:   No solution was available at the time of this entry.

The vendor's advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Access control error

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC