[ale] Anyone using Supermicro motherboards?
Alex Carver
agcarver+ale at acarver.net
Thu Jun 26 19:16:26 EDT 2014
Depends on the implementation. I've got a Dell sitting next to me with
its IPMI interface spliced directly to the on-board NIC (no USB bridges
or anything else). If you plug their NIC into the wall then you've also
done the same to the IPMI. The only workaround is to install another
NIC and use that for the main connection.
On 2014-06-26 08:37, Beddingfield, Allen wrote:
> I saw this a few days ago and looked into it - it is related to IPMI. In my opinion, these management/IPMI interfaces should always be on an internal network that requires VPN access for remote connectivity.
> Allen B.
> --
> Allen Beddingfield
> Systems Engineer
> The University of Alabama
>
> ________________________________________
> From: ale-bounces at ale.org [ale-bounces at ale.org] on behalf of James Taylor [James.Taylor at eastcobbgroup.com]
> Sent: Thursday, June 26, 2014 10:06 AM
> To: Atlanta Linux Enthusiasts
> Subject: [ale] Anyone using Supermicro motherboards?
>
>>From the latest SANS Bulletin...
> -jt
>
> ID: N/A
> Title: Supermicro Server Motherboard Credential Disclosure Vulnerability
> Vendor: Supermicro
> Description: Supermicro motherboards store administrator passwords in
> plain text, which is available to any attacker who can connect to TCP
> port 49152.
> CVSS v2 Base Score: 10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
>
More information about the Ale
mailing list