CVE-2013-4786

Name of the Vulnerable Software and Affected Versions HPE Integrated Lights-Out versions 2 through 5 HPE Superdome Flex RMC (affected versions not specified)

Description The issue allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC. This could enable an attacker to gain unauthorized privileges and unauthorized access to privileged information.

Recommendations For HPE Integrated Lights-Out versions 2 through 5, update to a version that addresses the RAKP authentication issue to prevent unauthorized access. For HPE Superdome Flex RMC, at the moment, there is no information about a newer version that contains a fix for this vulnerability.