Dan Farmer Presents Research on IPMI Vulnerabilities

IPMI runs regardless of the underlying operating system and operates on UDP port 623 through a server’s network port or its own Ethernet port. It runs continuously, Farmer said, unless the plug is literally pulled. Moore’s scan pulled up 230,000 responses over port 623, an admittedly tiny slice of the overall number of implementations. Yet Farmer concludes that 90 percent of BMCs running IPMI could be compromised because of default or weak passwords or weaknesses in the protocol, not only implicating the host server but others in the same management group because, as he discovered, some vendors share common passwords.

via Dan Farmer Presents Research on IPMI Vulnerabilities | Threatpost | The first stop for security news.

BMC = Baseboard Management Controller, a separate device attached to motherboards for management purposes. This isn’t the first article to point out vulnerabilities in IPMI. It has been noted that IPMI should run on its own intranet and not the public internet. Providing another layer of security to this interface may mitigate any problems. IPMI can’t be any less secure than SNMP.
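One way to check that isolation against flow logs, as an added example that is not from the quoted articles or this post's author: it flags traffic to UDP port 623 that crosses the boundary of the management network. The management subnet, the four-field record format and the sample flows are constructed assumptions.

```python
import ipaddress

IPMI_PORT = 623  # UDP port named in the quoted Threatpost article

# Assumption: the dedicated management network (hypothetical range).
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample flow records, one per line: "src dst proto dport".
SAMPLE_FLOWS = """\
10.20.0.5 10.20.0.40 udp 623
10.1.7.22 10.20.0.40 udp 623
198.51.100.9 203.0.113.15 udp 623
10.20.0.5 10.20.0.41 tcp 443
10.1.7.22 10.1.7.1 udp 161
not a flow record
"""

def in_mgmt(addr):
    """True if addr belongs to one of the management networks."""
    return any(addr in net for net in MGMT_NETS)

def audit_ipmi_flows(text):
    """Return (src, dst, reason) for each UDP/623 flow that breaks isolation."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed records
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            dport = int(parts[3])
        except ValueError:
            continue  # unparsable address or port
        if parts[2].lower() != "udp" or dport != IPMI_PORT:
            continue
        if not in_mgmt(dst):
            # Something answers IPMI on an address outside the management net.
            findings.append((str(src), str(dst), "BMC outside management network"))
        elif not in_mgmt(src):
            # The BMC is isolated on paper, but a route or ACL lets others in.
            findings.append((str(src), str(dst), "IPMI reached from outside management network"))
    return findings

if __name__ == "__main__":
    for src, dst, reason in audit_ipmi_flows(SAMPLE_FLOWS):
        print(f"{src} -> {dst} udp/{IPMI_PORT}: {reason}")
```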

“Bloodsucking leech” puts 100,000 servers at risk of potent attacks

The threat stems from baseboard management controllers that are embedded onto the motherboards of most servers. Widely known as BMCs, the microcontrollers allow administrators to monitor the physical status of large fleets of servers, including their temperatures, disk and memory performance, and fan speeds. But serious design flaws in the underlying intelligent platform management interface, or IPMI, make BMCs highly susceptible to hacks that can cascade throughout a network, according to a paper presented at this week’s Usenix Workshop on Offensive Technologies.

via “Bloodsucking leech” puts 100,000 servers at risk of potent attacks | Ars Technica.