On my Supermicro server, using an H8SCM motherboard, I have an IPMI card.
The IPMI card is version 2.0 and it is running the 2.37 firmware.
The problem I have is that I find no feasible way to disable port 80 (HTTP access).
As user ADMIN...
Through the web interface, I can only change the port (1-65535).
Through the SSH login, I have no access to any relevant or interesting information whatsoever.
Through ipmitool, I can only change settings related to SOL.
Through the patched Supermicro ipmitool, there is no setting available.
Am I missing something, or has Supermicro left a gaping security hole allowing plaintext password transmission???
Supermicro IPMI BMCs are extremely useful, but they are not engineered for security. I recommend keeping IPMI on a separate interface/VLAN. Even if you are able to disable port 80, it is highly likely that there are undocumented remote exploit vulnerabilities.
There is an OEM extension for IPMI that Supermicro supports to disable non-IPMI ports on their service processor. I'm not sure which motherboard lines it is currently supported in and what firmware versions it is in, but it may be worth trying out.
I'm not sure if the extension is supported in any of Supermicro's client software. The OEM extension is currently supported in FreeIPMI's ipmi-oem tool (disclaimer: I maintain this project, so this is a mini-plug). Here's the relevant chunk from the manpage.