ewhac
Contributor
- Joined
- Aug 20, 2013
- Messages
- 177
Given how popular Supermicro's products are among the membership, I thought I'd pass this along, which was recently posted to Slashdot. Seems Supermicro's IPMI is storing passwords as plaintext, as well as running a UPnP server (Universal Penetrate and Pwn). As a consequence, you can retrieve the password store from a vulnerable system using nothing more than a Web browser.
Supermicro have released a firmware fix for the problem, but for machines that can't be taken down and reflashed, the article below details a workaround wherein you login to the IPMI interface and kill the UPnP daemons.
Naturally, none of you guys would ever expose your IPMI interfaces to the open Internet, but still...
http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras/
Supermicro have released a firmware fix for the problem, but for machines that can't be taken down and reflashed, the article below details a workaround wherein you login to the IPMI interface and kill the UPnP daemons.
Naturally, none of you guys would ever expose your IPMI interfaces to the open Internet, but still...
http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras/