HP iLO authorization? Nah

This is old news and certainly not the end of the world, but just so it’s clear: Always keep your management network internal only.

Any version of iLO will by default happily provide anyone who can access it with details on product type, serial number, iLO firmware version, etc. This can be a convenience when autodetecting nodes on your management network.

Here are some exposed iLOs, courtesy of Shodan:

There’s also /xmldata?item=CpqKey that’s probably useful for something.

Oh, and FORTRAN called and congratulated on the all-caps XML.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s