Vulnerability in Supermicro BMC Controller allows access to control interface passwords
A BMC (Baseboard Management Controller) chip used in Supermicro motherboards has a vulnerability that allows an attacker to gain access to the control interface login passwords. The problem is caused by the fact that the contents of the password file is displayed among the binary data block, which can be obtained without authentication via the network port 49152. The operation technique is very simple, just connect to port 49152 and execute the “GET / PSBlock” command. Passwords are issued in the clear, without hashing.
Security researchers who have identified the vulnerability warn that they were able to detect 31964 servers affected by this problem on the network, while 3296 (10%) of these systems used default passwords. The IPMI interface provided by the BMC controller provides tools for monitoring and managing equipment, including monitoring sensors, managing power, firmware and disks, remotely uploading its own OS to the server via the network, organizing the remote access console to attack the underlying OS and change BIOS settings.
Check your server can trite connecting to the vulnerable port using telnet:
telnet ip_ipmi 49152Further
GET /PSBlockIf you saw your passwords in the answer text, then you should think about updating the firmware.
')
A source...
upd:
Download firmware updates by following the link.
Source: https://habr.com/ru/post/227041/
All Articles