Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Submission + - Supermicro IPMI Plaintext Passwords Exposed (

msm1267 writes: Much has been written about the insecurity of the IPMI protocol present inside embedded baseboard management controllers (BMCs). Serious vulnerabilities can be exploited to gain remote control over big servers running BMCs, in particular in hosting environments where the controllers help admins with remote management of crucial industrial functions, for example. And despite alerts and warnings from prominent figures in computer security such as Dan Farmer and HD Moore, and patches from vendors, the news keeps getting worse.

The security incident response team for San Diego-based cloud-based hosting provider yesterday disclosed that a file storing passwords in plain text is open over port 49152. Close to 32,000 vulnerable systems responded to a GET/PSBlock query on the Shodan search engine over port 49152; more than 9.8 million hosts responded in total.

“You can quite literally download the BMC password file from any UPnP enabled Supermicro motherboard running IPMI on a public interface,” said Zachary Wikholm, senior security engineer with

The PSBlock password file is found in a XML file stored inside a particular directory, Wikholm said, adding that he notified Supermicro of the issue in November to no avail. Wikholm said anything stored in the directory, including server.pem files, wsman admin passwords and netconfig files, are available.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Supermicro IPMI Plaintext Passwords Exposed

Comments Filter:

I've got a bad feeling about this.