Slashdot Mirror


Supermicro Fails At IPMI, Leaks Admin Passwords

drinkypoo writes: Zachary Wikholm of Security Incident Response Team (CARISIRT) has publicly announced a serious failure in IPMI BMC (management controller) security on at least 31,964 public-facing systems with motherboards made by SuperMicro: "Supermicro had created the password file PSBlock in plain text and left it open to the world on port 49152." These BMCs are running Linux 2.6.17 on a Nuvoton WPCM450 chip. An exploit will be rolled into metasploit shortly. There is already a patch available for the affected hardware.

5 of 102 comments

  1. Re:Anyone who trusted SuperMicro... by stox · Score: 5, Informative

    I manage 10,000 of them. To date lower infant mortality and lower long term failures than I had seen previously with Dell and HP. They also ship a lot faster than Dell or HP. Anyone who exposes their IPMI interfaces to the public internet deserves the results.

    --
    "To those who are overly cautious, everything is impossible. "
  2. Re:Wha? by barc0001 · Score: 5, Informative

    IPMI is a management interface that allows you to do some neat remote administration tasks on these servers up to and including remote console so you can even install an OS on them over the network. They are a separate network interface with this running. I have several of these boxes deployed in my datacenters and firstly, the IPMI interface is configured with a non-public IP address, and secondly, the box is behind a firewall blocking all traffic that is not explicitly allowed, so while this is some sloppy-ass stuff on Supermicro's part, I am personally not that concerned. I am sure that there are many who are not nearly as cautious as I am though who might need to be concerned. Although if they are also that careless, chances are they might not have bothered to set up the IPMI interface as well or even plugged it in.

  3. By default, SuperMicro IPMI attaches to normal eth by Anonymous Coward · Score: 5, Informative

    By default, SuperMicro IPMI attaches to normal ethernet. So if you hook up a server to a public connection, you've exposed your IPMI. We caught this in a security audit: we added a DHCP honeypot to our static network to see if we could get any devices to announce themselves. We about shat our pants! There's probably a ton of people at risk not knowing this motherboard is insecure by default!
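    The audit trick in the comment above (a DHCP honeypot on a segment that should contain only statically addressed hosts, so anything that asks for a lease has outed itself) can be turned into a repeatable check. The script below is an added example and is not part of the thread or anything Supermicro ships: it parses ISC dhcpd-style syslog lines and reports every client that sent a DHCPDISCOVER but is not in an inventory of hosts allowed to use DHCP there. The log lines, the MAC addresses and the `KNOWN_CLIENTS` inventory are all constructed for the example.

```python
import re

# Constructed ISC dhcpd-style syslog lines from a DHCP honeypot placed on a
# segment where every host is supposed to be statically addressed.
# These are made-up sample lines, not a real capture.
SAMPLE_LOG = """\
Jun 19 10:12:01 honeypot dhcpd: DHCPDISCOVER from 02:00:5e:00:00:01 via eth0
Jun 19 10:12:01 honeypot dhcpd: DHCPOFFER on 192.0.2.50 to 02:00:5e:00:00:01 via eth0
Jun 19 10:12:02 honeypot dhcpd: DHCPREQUEST for 192.0.2.50 (192.0.2.1) from 02:00:5e:00:00:01 via eth0
Jun 19 10:12:02 honeypot dhcpd: DHCPACK on 192.0.2.50 to 02:00:5e:00:00:01 via eth0
Jun 19 10:15:40 honeypot dhcpd: DHCPDISCOVER from 02:00:5e:00:00:02 (lab-laptop) via eth0
Jun 19 10:15:40 honeypot dhcpd: DHCPOFFER on 192.0.2.51 to 02:00:5e:00:00:02 (lab-laptop) via eth0
Jun 19 10:31:05 honeypot dhcpd: DHCPDISCOVER from 02:00:5e:00:00:03 via eth0
Jun 19 10:31:05 honeypot dhcpd: DHCPOFFER on 192.0.2.52 to 02:00:5e:00:00:03 via eth0
Jun 19 10:31:35 honeypot dhcpd: DHCPDISCOVER from 02:00:5e:00:00:03 via eth0
"""

# Hypothetical inventory: MACs that are allowed to ask for a lease on this segment.
KNOWN_CLIENTS = {"02:00:5e:00:00:02": "lab-laptop"}

DISCOVER_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+) \S+ dhcpd: DHCPDISCOVER from "
    r"(?P<mac>[0-9a-f:]{17})(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)"
)
LEASE_RE = re.compile(
    r"dhcpd: DHCP(?P<kind>OFFER|ACK) on (?P<ip>\d+\.\d+\.\d+\.\d+) to (?P<mac>[0-9a-f:]{17})"
)


def parse_dhcp_log(text):
    """Build one record per client MAC that sent a DHCPDISCOVER.

    On a statically addressed segment the DHCPDISCOVER itself is the signal:
    something there is configured for DHCP when nothing should be.
    """
    clients = {}
    for line in text.splitlines():
        m = DISCOVER_RE.match(line)
        if m:
            rec = clients.setdefault(m["mac"], {
                "first_seen": m["ts"], "iface": m["iface"], "discovers": 0,
                "hostname": None, "offered_ip": None, "acked": False,
            })
            rec["discovers"] += 1
            if m["host"]:
                rec["hostname"] = m["host"]   # client sent a hostname option
            continue
        m = LEASE_RE.search(line)
        if m and m["mac"] in clients:
            rec = clients[m["mac"]]
            rec["offered_ip"] = m["ip"]
            if m["kind"] == "ACK":
                rec["acked"] = True           # the client actually took the lease
    return clients


def unexpected_clients(text, known=KNOWN_CLIENTS):
    """Clients the honeypot saw that are not in the inventory."""
    return {mac: rec for mac, rec in parse_dhcp_log(text).items() if mac not in known}


def report(text, known=KNOWN_CLIENTS):
    """Human-readable findings, one line per unexpected client."""
    lines = []
    for mac, rec in sorted(unexpected_clients(text, known).items()):
        name = rec["hostname"] or "no hostname option"
        state = "took lease" if rec["acked"] else "discover only"
        lines.append(
            f"{rec['first_seen']} {mac} ({name}) on {rec['iface']}: "
            f"{rec['discovers']} DISCOVER(s), offered {rec['offered_ip']}, {state}"
        )
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

    A BMC that has come up on the shared LAN port typically sends no hostname option, so the "no hostname option" entries are the first ones to walk down to the rack and check; the ones that took a lease are reachable right now on the offered address.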

  4. Re:By default, SuperMicro IPMI attaches to normal by drinkypoo · Score: 5, Informative

    > By default, SuperMicro IPMI attaches to normal ethernet.

    Yes, I saw a mention of that on G+ today, but I lost it. So I went to the source, I will save y'all the trouble of dicking with the PDF and jump straight to page 2-26 and excerpt the really interesting part:

    > The default setting is Failover, which will allow IPMI to be connected from either the shared LAN port (LAN 1/0) or the dedicated IPMI LAN port. Precedence is given to the Dedicated LAN port over the shared LAN port.

    YE GODS. At least it's in the manual, which no one reads. You can select a port once you've got the system up and running, and once you do that it will stick, but until then it operates unsafely, as above. And if by chance there's no link on the management port during boot, perhaps because the management switch is also being cycled, then IPMI will appear on another interface.

    There's no excuse for not firewalling that off, but it's still also unacceptable behavior.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  5. Re:Wha? by Minwee · Score: 5, Funny

    > That's pretty terrifying stuff!

    It's pretty handy if you have 100 racks of 30 machines each and no monitor or keyboard on any of them.

    And with SuperMicro BMCs, it's even more handy when you don't own any of them.