Server Management - Systems Insight Manager

HP SIM certificate security flaw?

Occasional Contributor




For a project I'm trying to set up an HP SIM environment where 2 fictive companies can each log in (with their own user account) and administer their own ILOs. I've managed to create separate system collections, so that's working fine.


I've currently added a few Integrated Lights-Out cards (version 2 and 3 as well) and have successfully set up HP SIM SSO on each of them. In the ILO, Single Sign-On Settings are "Trust by Certificate" and I've added the hpsim-server as a trusted server. So far, so good.


However, it seems that a user who (for example) may only manage the ILO with IP, can change the URL to open another ILO...


... so he gets automatically signed in to an ILO he may not administer!

I've tried adding the user to the ILO without giving it any rights, but that isn't working. I've also tried to limit his rights on the x.152 ILO using the "Users and Authorizations" in HP SIM, but that isn't working either...


Now, what is the best way to fix this?


Thanks in advance,

Occasional Contributor

Re: HP SIM certificate security flaw?

Is there no one who has a solution to this security issue?