Pipe 3B0 Exploiting bug in Supermicro hardware is as easy as connecting to port 49152.

Exploiting bug in Supermicro hardware is as easy as connecting to port 49152.

by
Anonymous Coward
in security on (#3B0)
At least 32,000 servers broadcast admin passwords in the clear, advisory warns

Exploiting bug in Supermicro hardware is as easy as connecting to port 49152.

http://arstechnica.com/security/2014/06/at-least-32000-servers-broadcast-admin-passwords-in-the-clear-advisory-warns/

http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras/

https://isc.sans.edu/diary/New+Supermicro+IPMIBMC+Vulnerability/18285

History

2014-06-20 09:06
Exploiting bug in Supermicro hardware is as easy as connecting to port 49152.
zafiro17@pipedot.org
AtIf lyou'reast 32,000running a servers bon Supermicro hardcwasre, you're operat adming with your passwordnts idown. That's the conclusion by security firms who warn >
E
exploiting bug in Supermicro hardware is as easy as connecting to port 49152
. There are very likely at least 32,000 servers broadcast admin passwords
.

http://arstechnica.com/security/2014/06/ at-least-32000-servers-broadcast-admin-passwords-in-the-clear-advisory-warns/

http://blog.cariCARI.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras/ security researchers explain:
On 11/7/2013, after reading a couple articles on the problems in IPMI by Rapid7’s HD Moore (linked at the end), I discovered that Supermicro had created the password file PSBlock in plain text and left it open to the world on port 49152.

If you take a look at the /nv directory, you will find the file IPMIdevicedesc.xml file; a file which was already known to be downloaded via the aforementioned port. You can quite literally download the BMC password file from any UPnP enabled Supermicro motherboard running IPMI on a public interface (reference link at the bottom of this article). This is not the only file that is vulnerable to this.
Read more
https://isc.sans.edu/diary/New+Supermicro+IPMIBMC+Vulnerability/18285.
Reply 0 comments