SuperMicro Servers Exposing IPMI Password
-
http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras/
32,000 servers affected. Open port that responds with security details including password!
-
@scottalanmiller said:
http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras/
32,000 servers affected. Open port that responds with security details including password!
Sorry if this comes off a bit ranty...
It's a lot more than 32k that are impacted by it. The 32k are among the millions of folks dumb enough to expose their management interface to the public. I feel like this is a trip back to the pre-firewall days of the 1990s. "If I put my IPMI/iLO/iDRAC/CIMC forward-facing, I can remotely manage my servers in my colo!" Yes, and so can everyone else. If you want remote management of your servers, either use a VPN or put it behind a firewall with rules allowing your office's subnet access to that IP address.
-
As an update, CERT even put out an advisory to have folks not expose their management interface: http://www.us-cert.gov/ncas/alerts/TA13-207A. I'd like to suggest taking it a step further. Other management interfaces, such as hypervisors, web control panels, SSH logins, etc. should not be exposed to the Internet.
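A defender-side illustration of the fix recommended above (an added example, not code from the thread or from SuperMicro): audit a BMC inventory against a dedicated management network, then generate nftables rules so that only the office subnet can reach each BMC's management ports. The hostnames, addresses, management VLAN, chain name and the default ports (UDP 623 for IPMI/RMCP+, TCP 443 for the BMC web UI) are all assumptions.

```python
"""Audit a BMC inventory and generate nftables rules that let only the office subnet
reach each BMC. Added example, not code from the thread; every address is constructed."""
import ipaddress

# Assumed defaults for this example: IPMI/RMCP+ listens on UDP 623 and the BMC's web
# UI on TCP 443. Check what your own BMCs actually expose before reusing these.
BMC_PORTS = (("udp", 623), ("tcp", 443))

# Constructed inventory: hostname -> BMC address.
INVENTORY = {
    "db01-bmc": "203.0.113.10",  # outside the management VLAN: stands in for a routable address
    "web01-bmc": "10.20.0.11",   # on the dedicated management VLAN
}
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/16")]  # constructed management VLAN
OFFICE_SUBNET = "198.51.100.0/24"  # constructed office range allowed to manage BMCs


def audit_bmcs(inventory, mgmt_nets=MGMT_NETS):
    """Return (outside, inside): hostnames whose BMC sits outside/inside the management networks.

    A BMC outside the dedicated management network is the case the thread warns about:
    if that address is routable from the Internet, its IPMI port answers to anyone."""
    outside, inside = [], []
    for host, addr in inventory.items():
        ip = ipaddress.ip_address(addr)
        (inside if any(ip in net for net in mgmt_nets) else outside).append(host)
    return outside, inside


def nft_rules(inventory, office_subnet, chain="bmc_fwd"):
    """Return nft commands for a filtering router in front of the BMCs.

    The chain (hypothetical name) hooks the forward path with a drop policy, so only
    office_subnet can open connections to the BMC ports; reply traffic still passes."""
    office = ipaddress.ip_network(office_subnet)
    rules = [
        "add table inet filter",
        f"add chain inet filter {chain} {{ type filter hook forward priority 0; policy drop; }}",
        f"add rule inet filter {chain} ct state established,related accept",
    ]
    for host, addr in sorted(inventory.items()):
        for proto, port in BMC_PORTS:
            rules.append(f"add rule inet filter {chain} ip saddr {office} ip daddr {addr} "
                         f'{proto} dport {port} accept comment "{host}"')
    return rules


if __name__ == "__main__":
    print("BMCs outside the management network:", audit_bmcs(INVENTORY)[0])
    print("\n".join(nft_rules(INVENTORY, OFFICE_SUBNET)))
```

Feed the printed commands to `nft -f -` on the router in front of the BMCs; anything not from the office subnet is dropped by the chain policy.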