Supermicro Fails At IPMI, Leaks Admin Passwords

drinkypoo writes: Zachary Wikholm of Security Incident Response Team (CARISIRT) has publicly announced a serious failure in IPMI BMC (management controller) security on at least 31,964 public-facing systems with motherboards made by SuperMicro: "Supermicro had created the password file PSBlock in plain text and left it open to the world on port 49152." These BMCs are running Linux 2.6.17 on a Nuvoton WPCM450 chip. An exploit will be rolled into Metasploit shortly. There is already a patch available for the affected hardware.

  • by Anonymous Coward on Friday June 20, 2014 @01:53PM (#47283293)

    They forgot to pay their SCO licensing fee in order to legally use Lunix. Don't forget to pay your $699 licensing fee. Remember, the price goes up to $1399 at the end of July.

  • Re:Wha? (Score:3, Funny)

    by Anonymous Coward on Friday June 20, 2014 @02:02PM (#47283403)

    "like a child" ==> Some computers that run websites on the Internet have an "Employees Only" entrance on the side of the building, with a lock controlled by a PIN code (for example, "1234").

    SuperMicro built these PIN code locks with the correct code clearly printed on the side of the PIN entry panel.

  • Re:Wha? (Score:5, Funny)

    by Minwee ( 522556 ) on Friday June 20, 2014 @03:07PM (#47284033)

    >That's pretty terrifying stuff!

    It's pretty handy if you have 100 racks of 30 machines each and no monitor or keyboard on any of them.

    And with SuperMicro BMCs, it's even more handy when you don't own any of them.
