HP Server Exploit.


VIP Member
VIP Member
Dec 3, 2012
Anyone with a HP server that has the light-out interface configured and open to the internet update the firmware now or you could have some big problems as there has been a ridiculously easy exploit found for them. It is even a security risk if you only have it accessible to your local network.

All it takes to bypass is 29 * "A", which is nuts as that is the first char that is used in most exploit tests.

You Can Bypass Authentication on HPE iLO4 Servers With 29 "A" Characters

I'll be surprised if DELLs iDrac doesn't get exploiting in the next few weeks, I can only imagine the number of companies that will affect.