[ale] Anyone using Supermicro motherboards?

Jim Kinney jim.kinney at gmail.com
Thu Jun 26 11:36:21 EDT 2014


On Thu, Jun 26, 2014 at 11:20 AM, Chris Fowler <cfowler at outpostsentinel.com>
wrote:

> On 06/26/2014 11:06 AM, James Taylor wrote:
>
>> >From the latest SANS Bulletin...
>> -jt
>>
>> ID:     N/A
>> Title:  Supermicro Server Motherboard Credential Disclosure Vulnerability
>> Vendor: Supermicro
>> Description: Supermicro motherboards store administrator passwords in
>> plain text, which is available to any attacker who can connect to TCP
>> port 49152.
>> CVSS v2 Base Score: 10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
>>
>>
>>
> That must be for their IPMI interface.
>
>
Which should NEVER be on any network that can be directly hit from outside
the secure LAN. Connecting to the IPMI interface from the system side can
also occur but it is just a USB-nic with no access to the IPMI controls.

>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>



-- 
-- 
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you gain
at one end you lose at the other. It's like feeding a dog on his own tail.
It won't fatten the dog.
- Speech 11/23/1900 Mark Twain


*http://heretothereideas.blogspot.com/
<http://heretothereideas.blogspot.com/>*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20140626/dc6fbda0/attachment-0001.html>


More information about the Ale mailing list