Vulnerability & Exploit Database

Back to search

HP iLO 4 1.00-2.50 Authentication Bypass Administrator Account Creation

This module exploits an authentication bypass in HP iLO 4 1.00 to 2.50, triggered by a buffer overflow in the Connection HTTP header handling by the web server. Exploiting this vulnerability gives full access to the REST API, allowing arbitrary accounts creation.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name



  • Fabien Perigaud <fabien.perigaud [at] synacktiv[dot]com>




Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use auxiliary/admin/hp/hp_ilo_create_admin_account msf auxiliary(hp_ilo_create_admin_account) > show actions ...actions... msf auxiliary(hp_ilo_create_admin_account) > set ACTION <action-name> msf auxiliary(hp_ilo_create_admin_account) > show options and set options... msf auxiliary(hp_ilo_create_admin_account) > run

Related Vulnerabilities