In a newly released security advisory, HPE said it addressed a critical authentication bypass flaw that can be used by unauthenticated attackers in low-complexity attacks, to reset admin passwords.