A new vulnerability has been released by the CARI.net team regarding Supermicroâ??s implementation of IPMI/BMC for management.  The vulnerability involves a plaintext password file available for download simply by connecting to the specific port, 49152.  One of our team has tested this vulnerability, and it works like a champ, so letâ??s add another log to the fire and spread the good word.  The CARI.net team has a great writeup on the vulnerability linked below:

http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras/

Much thanx to the Zach at CARI.net for the heads-up.

tony d0t carothers --gmail