• Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
    Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.

SuperMicro IPMI Security Issue

P

plext0r

[H]ard DCOTM x3
Joined
Dec 1, 2009
Messages
780
If you have SuperMicro motherboards with onboard IPMI (most 2P and 4P motherboards), please read this:
http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras/

I verified it is possible to retrieve the users and passwords from the IPMI device on my Intel 4P system. I successfully ran “wget http://IPMI-IP:49152/PSBlock” from a remote host to my SuperMicro motherboard IPMI IP address and ran “strings” on the file. Each of my logins and passwords were printed out!

Many SuperMicro motherboards have IPMI enabled out-of-the-box on the first Ethernet port.
 
I'm not very surprised, tbh.

I think one can disable automatic bridging using IPMIview [just seen the option,
never tried it].

Worst case, one can filter it out in the LAN or just assign OA&M sort of address to it.

On a related note, did you know you could ssh in to the BMC?
Code: 
ADMIN@192.168.3.99's password: 


BusyBox v1.1.3 (2011.04.04-22:48+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

# uname -a
Linux SMC002590583167 2.6.24-ami #1 Mon Apr 4 15:47:38 PDT 2011 armv5tejl unknown
#

EDIT: this method didn't work on my box, there's nothing on port 49152.
PSBlock file doesn't exist in BMC's filesystem either... must only be some models that are affected.
 
Last edited:
You must log in or register to reply here.
Back
Top