

Servers broadcast admin passwords ...


#1 AplusWebMaster




Posted 20 June 2014 - 04:38 AM


Servers broadcast admin passwords in the clear...
- http://arstechnica.c...advisory-warns/
June 19 2014 - "An alarming number of servers containing motherboards manufactured by Supermicro continue to expose administrator passwords despite the release of an update* that patches the critical vulnerability, an advisory* published Thursday warned... The threat resides in the baseboard management controller (BMC), a motherboard component that allows administrators to monitor the physical status of large fleets of servers, including their temperatures, disk and memory performance, and fan speeds. Unpatched BMCs in Supermicro motherboards contain a binary file that stores remote login passwords in clear text. Vulnerable systems can be detected by performing an Internet scan on port 49152. A recent query on the Shodan search engine indicated there are 31,964 machines still vulnerable, a number that may not include many virtual machines used in shared hosting environments... A separate blog post** from security training institute Sans confirmed the contents of the advisory..."
* http://blog.cari.net...e-added-extras/

>> http://www.supermicr...q.cfm?faq=16536

** https://isc.sans.edu...l?storyid=18285

