HP iLO Amplifier Pack – Undocumented Accounts

Alright, so I am finally getting around to posting this…

I noticed a couple of undocumented accounts while digging around in the Amplifier Pack. Root and summercuryuser do not appear to be disabled and I could not find them listed in the documentation.

Cisco has been getting called out and removing backdoor accounts from different software offerings for quite some time. It is a little hard to tell what the purpose of these accounts is within the Amplifier Pack.

I updated /etc/shadow and replaced the values for root in the wolfram config file at /opt/wolfram/cfg/userInfoAllConfig.json with a known hash value. After rebooting the machine, the hash values were reverted. This was not the case when I was originally poking around version 1.30. With the older version, I was able to log in and get dumped into the wcli. HP seems to be doing more to protect these accounts.

I suppose you could disassemble the software and see if there are any other undocumented commands while using these accounts. However, that certainly is not my strong point.

In March 2019, I sent a check for $10 to HP requesting the source code under the GPL. It has been almost a year and I have not heard back.

Honestly, I still think the Amplifier Pack is a great value add to an organization using HP servers. I love that it ships on Debian instead of Ubuntu.

I personally would like to see the summercuryuser account documented, disabled, or removed from the software. It would also be great if HP made it easier to retrieve the source code under the GPL.

This post was originally drafted using release 1.30 and finished with release 1.55.
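
An added example, not part of the original post or HP's software: one way to audit a copy of /etc/shadow for accounts, such as root and summercuryuser, that still accept a password and are missing from the documentation. The sample entries, the placeholder hashes and the `DOCUMENTED` list (including the `admin` name) are constructed assumptions.

```python
# Added example: flag accounts in shadow-format data that can still log in
# with a password but are not on the documented list.

# Constructed sample in /etc/shadow format; hashes are placeholders, not real values.
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhashA:18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
sshd:!:18000::::::
summercuryuser:$6$constructedsalt$constructedhashB:18000:0:99999:7:::
admin:$6$constructedsalt$constructedhashC:18000:0:99999:7:::
"""

# Assumption: the accounts the vendor documentation lists for the appliance.
DOCUMENTED = {"admin"}


def password_state(field):
    """Classify the second (password) field of a shadow entry."""
    if field == "":
        return "empty"      # no password required at all
    if field[0] in "!*":
        return "locked"     # password login disabled
    return "usable"         # a hash that can authenticate


def parse_shadow(text):
    """Return {account: password_state} for every well-formed line."""
    states = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or line.startswith("#"):
            continue
        states[parts[0]] = password_state(parts[1])
    return states


def undocumented_logins(text, documented):
    """Accounts that accept a password (or none) and are not documented."""
    return sorted(
        name for name, state in parse_shadow(text).items()
        if state != "locked" and name not in documented
    )


if __name__ == "__main__":
    for name in undocumented_logins(SAMPLE_SHADOW, DOCUMENTED):
        print("undocumented account with password login enabled:", name)
```

Running the same check on copies of the file taken before and after a reboot shows whether a locked entry has been restored to a usable hash.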

