Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

New Supermicro IPMI/BMC Vulnerability

Published: 2014-06-19
Last Updated: 2014-06-19 21:52:47 UTC
by Tony Carothers (Version: 1)
5 comment(s)

A new vulnerability has been released by the team regarding Supermicro‚??s implementation of IPMI/BMC for management.  The vulnerability involves a plaintext password file available for download simply by connecting to the specific port, 49152.  One of our team has tested this vulnerability, and it works like a champ, so let‚??s add another log to the fire and spread the good word.  The team has a great writeup on the vulnerability linked below:

Much thanx to the Zach at for the heads-up.

tony d0t carothers --gmail

Keywords: BMC IPMI
5 comment(s)
Diary Archives