Dan Farmer Presents Research on IPMI Vulnerabilities

IPMI runs regardless of the underlying operating system and operates on UDP port 623 through a server’s network port or its own Ethernet port. It runs continuously, Farmer said, unless the plug is literally pulled. Moore’s scan pulled up 230,000 responses over port 623, an admittedly tiny slice of the overall number of implementations. Yet Farmer concludes that 90 percent of BMCs running IPMI could be compromised because of default or weak passwords or weaknesses in the protocol, not only implicating the host server but others in the same management group because, as he discovered, some vendors share common passwords.

via Dan Farmer Presents Research on IPMI Vulnerabilities | Threatpost | The first stop for security news.

BMC = Baseboard Management Controller, a separate device attached to motherboards for management purposes.  This isn’t the first article to point out vulnerabilities in IPMI.  It has been noted that IPMI should run on its own intranet and not the public internet.  Providing another layer of security to this interface may mitigate any problems.  IPMI can’t be any less secure than SNMP.