Exploiting bug in Supermicro hardware is as easy as connecting to port 49152.

by Anonymous Coward in security on (#3B0)
At least 32,000 servers broadcast admin passwords in the clear, advisory warns

Exploiting bug in Supermicro hardware is as easy as connecting to port 49152.

http://arstechnica.com/security/2014/06/at-least-32000-servers-broadcast-admin-passwords-in-the-clear-advisory-warns/

http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras/

https://isc.sans.edu/diary/New+Supermicro+IPMIBMC+Vulnerability/18285

History

2014-06-20 09:06
zafiro17@pipedot.org
If you're running a server on Supermicro hardware, you're operating with your pants down. That's the conclusion of security firms who warn that exploiting a bug in Supermicro hardware is as easy as connecting to port 49152. There are very likely at least 32,000 servers broadcasting admin passwords.


The CARI.net security researchers (http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras/) explain:
On 11/7/2013, after reading a couple articles on the problems in IPMI by Rapid7's HD Moore (linked at the end), I discovered that Supermicro had created the password file PSBlock in plain text and left it open to the world on port 49152.

If you take a look at the /nv directory, you will find the file IPMIdevicedesc.xml, a file which was already known to be downloaded via the aforementioned port. You can quite literally download the BMC password file from any UPnP enabled Supermicro motherboard running IPMI on a public interface (reference link at the bottom of this article). This is not the only file that is vulnerable to this.
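The practical defender's question raised by the CARI.net quote is whether any of your own BMCs can be reached on TCP 49152 from outside the management network, since that port is what serves the /nv directory. The script below is an added example, not code from the Pipedot post, Ars Technica, CARI.net or Supermicro: it parses firewall log lines and flags every connection to TCP 49152 on a BMC address that did not originate inside the management subnet, so a hit shows either an exposed BMC (ACCEPT) or a firewall rule doing its job (DROP). The iptables-style log format, the address ranges and the sample lines are all constructed for illustration and are assumptions; swap in your own firewall's format and ranges.

```python
"""Flag firewall log records showing TCP 49152 on BMC addresses reached from
outside the management network.

Added example (not the post's, CARI.net's or Supermicro's code). The log
format, address ranges and sample lines are constructed assumptions.
"""
import ipaddress
import re
from typing import Dict, Iterable, List, Optional

# Port named in the advisory: the BMC UPnP service that exposed /nv (PSBlock).
UPNP_PORT = 49152

# Assumed log format: "<date> <time> <ACCEPT|DROP> proto=.. src=.. dst=.. spt=.. dpt=.."
LINE_RE = re.compile(
    r"(?P<ts>\S+ \S+) (?P<action>ACCEPT|DROP) "
    r"proto=(?P<proto>\w+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"spt=(?P<spt>\d+) dpt=(?P<dpt>\d+)"
)

# Constructed sample input: 192.0.2.0/24 stands in for the BMC range and
# 10.10.0.0/16 for the management network. Documentation addresses only.
SAMPLE_LOG = """\
2014-06-20 09:00:01 ACCEPT proto=TCP src=203.0.113.7 dst=192.0.2.10 spt=51234 dpt=49152
2014-06-20 09:00:02 ACCEPT proto=TCP src=10.10.0.5 dst=192.0.2.10 spt=44321 dpt=49152
2014-06-20 09:00:03 DROP proto=TCP src=198.51.100.9 dst=192.0.2.11 spt=40000 dpt=49152
2014-06-20 09:00:04 ACCEPT proto=TCP src=203.0.113.7 dst=192.0.2.20 spt=51235 dpt=443
2014-06-20 09:00:05 ACCEPT proto=UDP src=203.0.113.8 dst=192.0.2.10 spt=5000 dpt=49152
this line is not a firewall record and must be skipped, not crash the parser
"""


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec: Dict[str, object] = m.groupdict()
    rec["spt"] = int(m.group("spt"))
    rec["dpt"] = int(m.group("dpt"))
    return rec


def find_bmc_upnp_exposure(lines: Iterable[str], bmc_net: str, mgmt_net: str) -> List[Dict[str, object]]:
    """Return alerts for TCP/49152 traffic to BMC addresses from outside the management net.

    ACCEPT records are 'high' (the BMC is reachable on the UPnP port);
    DROP records are 'blocked' (someone tried, the firewall held).
    Traffic from inside mgmt_net is treated as expected and not reported.
    """
    bmc = ipaddress.ip_network(bmc_net)
    mgmt = ipaddress.ip_network(mgmt_net)
    alerts: List[Dict[str, object]] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparsable line: skip, never raise
        if rec["proto"] != "TCP" or rec["dpt"] != UPNP_PORT:
            continue  # only the HTTP-over-TCP UPnP port from the advisory
        dst = ipaddress.ip_address(str(rec["dst"]))
        src = ipaddress.ip_address(str(rec["src"]))
        if dst not in bmc or src in mgmt:
            continue
        alerts.append({
            "ts": rec["ts"],
            "src": str(src),
            "dst": str(dst),
            "severity": "high" if rec["action"] == "ACCEPT" else "blocked",
        })
    return alerts


def exposed_bmcs(alerts: List[Dict[str, object]]) -> List[str]:
    """Distinct BMC addresses that actually accepted an outside connection on 49152."""
    return sorted({str(a["dst"]) for a in alerts if a["severity"] == "high"})


if __name__ == "__main__":
    found = find_bmc_upnp_exposure(SAMPLE_LOG.splitlines(), "192.0.2.0/24", "10.10.0.0/16")
    for a in found:
        print(f'{a["ts"]} {a["severity"]:7s} {a["src"]} -> {a["dst"]}:{UPNP_PORT}')
    print("BMCs reachable on 49152 from outside management:", exposed_bmcs(found))
```

On the constructed sample this reports two records: the accepted connection from 203.0.113.7 to 192.0.2.10 as high, and the dropped attempt against 192.0.2.11 as blocked; the management-network source, the port 443 flow and the UDP record are ignored. Any BMC that shows up as high is the one to move behind the management network (or at least have TCP 49152 filtered) rather than left on a public interface, which is the exposure the advisory describes.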