Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

 



Forgot your password?
typodupeerror
Security

Supermicro Fails At IPMI, Leaks Admin Passwords 102

Posted by Soulskill
from the bet-they-fix-it-now dept.
drinkypoo writes: Zachary Wikholm of Security Incident Response Team (CARISIRT) has publicly announced a serious failure in IPMI BMC (management controller) security on at least 31,964 public-facing systems with motherboards made by SuperMicro: "Supermicro had created the password file PSBlock in plain text and left it open to the world on port 49152." These BMCs are running Linux 2.6.17 on a Nuvoton WPCM450 chip. An exploit will be rolled into metasploit shortly. There is already a patch available for the affected hardware.
This discussion has been archived. No new comments can be posted.

Supermicro Fails At IPMI, Leaks Admin Passwords

Comments Filter:
  • by Anonymous Coward on Friday June 20, 2014 @12:53PM (#47283293)

    They forgot to pay their SCO licensing fee in order to legally use Lunix. Don't forget to pay your $699 licensing fee. Remember, the price goes up to $1399 at the end of July.

  • Re:Wha? (Score:3, Funny)

    by Anonymous Coward on Friday June 20, 2014 @01:02PM (#47283403)

    "like a child" ==> Some computers that run websites on the Internet have an "Employees Only" entrance on the side of the building, with a lock controlled by a PIN code (for example, "1234").

    SuperMicro built these PIN code locks with the correct code clearly printed on the side of the PIN entry panel.

  • Re:Wha? (Score:5, Funny)

    by Minwee (522556) <dcr@neverwhen.org> on Friday June 20, 2014 @02:07PM (#47284033) Homepage

    >That's pretty terrifying stuff!

    It's pretty handy if you have 100 racks of 30 machines each and no monitor or keyboard on any of them.

    And with SuperMicro BMCs, it's even more handy when you don't own any of them.

Whenever a system becomes completely defined, some damn fool discovers something which either abolishes the system or expands it beyond recognition.

Working...