They used a shellcode exploit to return the contents of a file on the ILO processor that has the passwords in cleartext! They didn't publish that as far as I can see, but there is a published python program to add a new user with admin privileges and a password of your choice.
Bad HP! Go stand in the corner.
Is it just me or have HP servers been a bit flaky for the last 5 years or so?
The password is used directly as a shared secret for HMAC in IPMI. Therefore to support the ipmi protocol, the server must be able to know the plaintext of the password to a) prove to the client that they know the secret and b) to validate the HMAC sent by the client.
Another potentially tricky one is SNMP. It's a shared secret, but at least you can localize the key. Of course it is localized to an snmp engine id, so while you may not directly have the cleartext password, you can spoof a matching snmp eng
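To make the two points above concrete (IPMI needing the plaintext password, SNMPv3 being able to localize a key per engine ID), here is an added example in Python; it is not code from the thread, from HP or from any IPMI/SNMP implementation. The IPMI side is a simplified model of the RAKP challenge/response (real messages also carry session IDs, the BMC GUID and a role byte; those are left out), and the SNMPv3 side follows the RFC 3414 A.2 password-to-key and A.3 key-localization procedure, checked against the RFC's own "maplesyrup" test vector. `hunter2` and the engine IDs are constructed sample values.

```python
"""Added example (not from the original thread): why an IPMI BMC must hold the
password bytes themselves, and how SNMPv3 USM localizes a key per engine ID so
one device's key does not hand over the password.  IPMI part is a simplified
RAKP model; SNMPv3 part follows RFC 3414 A.2 / A.3."""
import hashlib
import hmac
import os

# ---- IPMI-style: the password *is* the HMAC key ---------------------------

def ipmi_client_mac(password: bytes, challenge: bytes) -> bytes:
    """Client proves it knows the password by HMAC-ing the server challenge
    with the raw password as the key (simplified RAKP message 3)."""
    return hmac.new(password, challenge, hashlib.sha1).digest()


def ipmi_server_verify(stored_secret: bytes, challenge: bytes, client_mac: bytes) -> bool:
    """Server recomputes the HMAC over the same challenge with whatever it
    stored and compares.  This only succeeds if stored_secret is byte-for-byte
    the key the client used, i.e. the plaintext password."""
    expected = hmac.new(stored_secret, challenge, hashlib.sha1).digest()
    return hmac.compare_digest(expected, client_mac)


def ipmi_demo(password: bytes) -> dict:
    """Run one challenge/response twice: once against a BMC that stores the
    plaintext password, once against one that stored only a SHA-256 hash."""
    challenge = os.urandom(16)                     # constructed server nonce
    mac = ipmi_client_mac(password, challenge)
    hashed_store = hashlib.sha256(password).digest()
    return {
        "plaintext_store_verifies": ipmi_server_verify(password, challenge, mac),
        "hashed_store_verifies": ipmi_server_verify(hashed_store, challenge, mac),
    }


# ---- SNMPv3 USM: password -> Ku -> per-engine Kul (RFC 3414) --------------

def snmpv3_ku(password: bytes, hashname: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash 1,048,576 bytes of the password repeated end to end.
    Ku is device-independent, so it is still a password equivalent."""
    reps = 1048576 // len(password) + 1
    buf = (password * reps)[:1048576]
    return hashlib.new(hashname, buf).digest()


def snmpv3_kul(password: bytes, engine_id: bytes, hashname: str = "sha1") -> bytes:
    """RFC 3414 A.3: Kul = H(Ku || snmpEngineID || Ku).  The agent stores only
    Kul, which is bound to its own engine ID and does not reveal Ku or the
    password; a different engine ID yields an unrelated key."""
    ku = snmpv3_ku(password, hashname)
    return hashlib.new(hashname, ku + engine_id + ku).digest()


if __name__ == "__main__":
    print(ipmi_demo(b"hunter2"))                  # constructed sample password
    rfc_engine = bytes.fromhex("000000000000000000000002")   # RFC 3414 A.3.2 engine ID
    print("Kul(maplesyrup, engine 2) =", snmpv3_kul(b"maplesyrup", rfc_engine).hex())
```

The takeaway for anyone hardening a BMC: with IPMI there is no hashing trick available to the vendor, the password bytes (or something equivalent to them) must be on the device, so a file read on the management processor is a password disclosure. With SNMPv3 a compromised agent leaks only its localized Kul; the same user's password is still safe on other engine IDs, though an attacker holding Kul can of course impersonate that one engine, which is the caveat the post above was heading towards.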
You may have heard the phrase "garbage in, garbage out". That's how programmers used to think. The design and test code try to make it work right, when the user uses it right, of course. If the user mashes keys at random, random things might happen. That used to be an okay way of thinking.
The internet has changed that. Now the user (connecting over the internet) WILL mash keys at random. Well, their script will send random bytes. It's no longer okay for software to respond in random ways when it receives ran
... when your network infrastructure was certified secure by the Fonz.
Aaaaaaaaaaaaaaaaaaaay.