HPE System Management Anonymous Access

By kannthu

Severity: Low
Vidoc Module
#hp #unauth
Description

What is "HPE System Management Anonymous Access"?

The "HPE System Management Anonymous Access" module detects a misconfiguration in the HPE System Management software that allows anonymous access. It has a low severity level and was authored by divya_mudgal.

Impact

If the HPE System Management software is misconfigured and allows anonymous access, it can pose a security risk. Attackers may be able to gain unauthorized access to sensitive information or perform malicious actions on the system.

How does the module work?

The module works by sending an HTTP GET request to the "/chpstrt.php?chppath=Home" path of the target system. It then applies matching conditions to the response to determine if the HPE System Management software is misconfigured and allows anonymous access.

The matching conditions used in this module include:

- The presence of the string "username = 'hpsmh_anonymous';" in the response
- The presence of the string "var host_addr = '" in the response
- The presence of the string "var ip_addr = '" in the response

If all of these conditions are met, the module will report a vulnerability.
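The matching logic described above, as an added example for checking a response body saved from your own HPE System Management host (this is not Vidoc's module code). The sample bodies are constructed, `evaluate` and the `VALUE` pattern are hypothetical names, and accepting either quote character is an assumption.

```python
import re

# The three word matchers listed on the page. Assumption: either quote
# character is accepted, because the page shows the username matcher with
# single quotes in its list and double quotes in its preview.
MATCHERS = {
    "anonymous_user": re.compile(r"""username = ['"]hpsmh_anonymous['"];"""),
    "host_addr": re.compile(r"""var host_addr = ['"]"""),
    "ip_addr": re.compile(r"""var ip_addr = ['"]"""),
}
# Hypothetical helper pattern: pulls out the values the page script exposes.
VALUE = re.compile(r"""var (host_addr|ip_addr) = ['"]([^'"]*)""")


def evaluate(body: str) -> dict:
    """Apply the matchers to a body saved from /chpstrt.php?chppath=Home."""
    hits = {name: bool(rx.search(body)) for name, rx in MATCHERS.items()}
    return {
        "anonymous_access": all(hits.values()),  # AND condition, as on the page
        "matched": hits,                         # which matcher failed, if any
        "disclosed": dict(VALUE.findall(body)),  # values readable without login
    }


# Constructed sample bodies (not captured from a real system).
EXPOSED = """<script>
var host_addr = 'smh01.example.internal';
var ip_addr = '192.0.2.10';
username = 'hpsmh_anonymous';
</script>"""
LOGIN_REQUIRED = """<script>
var host_addr = 'smh01.example.internal';
var ip_addr = '192.0.2.10';
</script><form id="login">...</form>"""

if __name__ == "__main__":
    for label, body in (("exposed", EXPOSED), ("login required", LOGIN_REQUIRED)):
        print(label, evaluate(body))
```

The `matched` field shows why a response did not trigger the finding, which helps when confirming that disabling anonymous access took effect.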

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /chpstrt.php?chppath...
Matching conditions
word: username = "hpsmh_anonymous";, var host_...
Passive global matcher
No matching conditions.
On match action
Report vulnerability