Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
This module, named "HP ILO Serial Key Disclosure", is designed to detect a specific vulnerability in HP Integrated Lights-Out (ILO) devices. The module targets misconfigurations in the ILO devices that could lead to the disclosure of the serial key. The vulnerability is classified as medium severity.
Exploiting this vulnerability could allow an attacker to obtain the serial key of the HP ILO device. This information could be used to gain unauthorized access to the device or perform further attacks on the network.
The module works by sending an HTTP GET request to the "/xmldata?item=CpqKey" endpoint of the HP ILO device. It then applies matching conditions to the response to determine if the vulnerability is present.
The matching conditions include checking for specific words in the response body, such as "LTYPE", "LNAME", and "KEY". Additionally, the module verifies that the HTTP response status is 200.
By analyzing the response and matching conditions, the module can identify if the HP ILO device is vulnerable to serial key disclosure.