New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Gaping Security Holes In IPMI Protocol
new security holes in IPMI and BMC's
A widely deployed protocol and controller used in servers and workstations both contain serious vulnerabilities that in effect give attackers near-physical access to the machines, a pair of renowned researchers said today.
more details: A Penetration Tester's Guide to IPMI and BMCs
https://community.rapid7.com/community/metasploit/blog/2013/06/23/a-penetration-testers-guide-to-ipmi
Comments
I run the IPMI / BMC interface in a private VLAN, private network, only accessible via VPN.
I suggest others start doing this as well.