Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "HPE System Management Anonymous Access" module is designed to detect misconfigurations in the HPE System Management software. This module targets the HPE System Management software and focuses on identifying anonymous access vulnerabilities. It has a low severity level and was authored by divya_mudgal.
If the HPE System Management software is misconfigured and allows anonymous access, it can pose a security risk. Attackers may be able to gain unauthorized access to sensitive information or perform malicious actions on the system.
The module works by sending an HTTP GET request to the "/chpstrt.php?chppath=Home" path of the target system. It then applies matching conditions to the response to determine if the HPE System Management software is misconfigured and allows anonymous access.
The matching conditions used in this module include:
- The presence of the string "username = 'hpsmh_anonymous';" in the response - The presence of the string "var host_addr = '" in the response - The presence of the string "var ip_addr = '" in the responseIf all of these conditions are met, the module will report a vulnerability.