Lumension® Endpoint Intelligence Center

Critical flaw exposes admin passwords of nearly 32,000 servers

2014/06/20

Help Net Security - (International) A researcher with CARI.net's Security Incident Response Team discovered that 31,964 servers with Supermicro baseboard management controllers (BMCs) will disclose their password files in plain text to anyone who connects to port 49152. The issue was fixed in a patch, but the patch requires administrators to reflash their systems with a new IPMI BIOS, which is not always possible.

Source: http://www.net-security.org/secworld.php?id=17032

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:20:39