Supermicro Fails At IPMI, Leaks Admin Passwords
drinkypoo writes: Zachary Wikholm of the Security Incident Response Team (CARISIRT) has publicly announced a serious failure in IPMI BMC (management controller) security on at least 31,964 public-facing systems with motherboards made by Supermicro: "Supermicro had created the password file PSBlock in plain text and left it open to the world on port 49152." These BMCs are running Linux 2.6.17 on a Nuvoton WPCM450 chip. An exploit will be rolled into Metasploit shortly. There is already a patch available for the affected hardware.
Supermicro fails, indeed (Score:1, Funny)
They forgot to pay their SCO licensing fee in order to legally use Lunix. Don't forget to pay your $699 licensing fee. Remember, the price goes up to $1399 at the end of July.
Re:Wha? (Score:3, Funny)
"like a child" ==> Some computers that run websites on the Internet have an "Employees Only" entrance on the side of the building, with a lock controlled by a PIN code (for example, "1234").
Supermicro built these PIN code locks with the correct code clearly printed on the side of the PIN entry panel.
Re:Wha? (Score:5, Funny)
>That's pretty terrifying stuff!
It's pretty handy if you have 100 racks of 30 machines each and no monitor or keyboard on any of them.
And with Supermicro BMCs, it's even more handy when you don't own any of them.