Remote Lights-Out Mgmt (iLO 2, iLO, RILOE II) Forum

iLO version 2 fails PCI Scans on TLS renegotiation vulnerability

David Allonby
Acclaimed Contributor

iLO version 2 fails PCI Scans on TLS renegotiation vulnerability

Hi All,
Has anyone seen this before...

I have 51 HP servers, all with iLO version 2, which fail PCI scanning due to TLS renegotiation being available on the iLO port.

I upgraded to 2.05 firmware for the iLOs, but it fixes everything but the TLS renegotiation...

Has anyone any ideas?

Cheers
2 REPLIES
Michael Leu
Occasional Visitor

Re: iLO version 2 fails PCI Scans on TLS renegotiation vulnerability

One possibility to get this fixed would be to report it to the official channels at HP:

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
---------------------------------------------------------------------------------
Navigation: Forum Site Map // ye olde ITRC Tree
@HP: please get rid of the Passport login timeout
Oscar A. Perez
Esteemed Contributor

Re: iLO version 2 fails PCI Scans on TLS renegotiation vulnerability

I'm working on a new build that has SSL/TLS key renegotiation disabled. So far, it solves the CVE-2009-3555 vulnerability but needs a lot more testing.



__________________________________________________
I work for Hewlett Packard

If you feel this was helpful please click the KUDOS! thumb below!