Supermicro Fails At IPMI, Leaks Admin Passwords
drinkypoo writes: Zachary Wikholm of the Security Incident Response Team (CARISIRT) has publicly announced a serious failure in IPMI BMC (management controller) security on at least 31,964 public-facing systems with motherboards made by Supermicro: "Supermicro had created the password file PSBlock in plain text and left it open to the world on port 49152." These BMCs are running Linux 2.6.17 on a Nuvoton WPCM450 chip. An exploit will be rolled into Metasploit shortly. There is already a patch available for the affected hardware.
Opportunity for some grey hackery (Score:2, Interesting)
Some intrepid hacker should write a script to take control and apply the patch to the vulnerable software.
All vendors fail with IPMI v2.0 (Score:4, Interesting)
IPMI v2.0 has a design flaw whereby any anonymous remote attacker can request and get the salt and password hash for the admin user!
It is a design flaw that cannot be patched.
Better use all of the 20-character allowed maximum password length and rotate the password often!
Re:Opportunity for some grey hackery (Score:4, Interesting)
This happened over 10 years ago. In response to the Blaster worm, someone wrote the Welchia worm to find, clean, and patch unpatched machines. Because it downloaded the patch to each machine it infected, its deleterious effects on networks may have been worse than Blaster.
I had the pleasure of being contracted to help remove both worms for a local hospital, sneakernetting the removal tool.