lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <82e8b74ada1e700a1a0bd92210046df8@mx1.je-eigen-domein.nl>
Date: Wed, 12 Oct 2011 17:20:52 +0200
From: Floris Bos <bos@...eigen-domein.nl>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Supermicro IPMI documentation omission: presence
	of second admin account

The IPMI functionality of some Supermicro mainboards comes with two admin
accounts by default, which are labeled in the webinterface:

"ADMIN"
"Anonymous"

The official documentation only tells you to change the password of the
"ADMIN" account:

==
Note: The manufacturer default username and password are ADMIN/ADMIN. 
Once you have logged into the BMC using the manufacturer default password,

be sure to change your password for security purpose. 
==

Because of this, and because it does not seem to possible to login with
"Anonymous" in the webinterface, many admins do not bother to change the
password of "Anonymous".
However you can login to this account through SSH by specifying an empty
username (default password "admin" in lowercase).

==
$ ssh -l "" -o PreferredAuthentications=password,keyboard-interactive
xx.xx.xx.xx 
@xx.xx.xx.xx's password: 
Auth User/Pass with PS...pass.

ATEN SMASH-CLP System Management Shell, version 1.00
Copyright (c) 2008-2009 by ATEN International CO., Ltd.
All Rights Reserved


->
==


Tested on a X9SCL-F.
The following model numbers seem to use the same firmware:

==
# cd /etc/conf ; ls *.xml
platform.xml                    platform_H8DGU.xml             
platform_X7Sb3.xml              platform_X8DTUplus.xml         
platform_X8STI_3F.xml
platform_H8DCL.xml              platform_H8DGU_LN4.xml         
platform_X8DTL_6F.xml           platform_X8DTW_6F.xml          
platform_X9SCA.xml
platform_H8DCT.xml              platform_H8DGU_LN4_AI034.xml   
platform_X8DTL_iF.xml           platform_X8SIA.xml             
platform_X9SCL.xml
platform_H8DCT_IBQF.xml         platform_H8QG6.xml             
platform_X8DTN.xml              platform_X8SII.xml             
platform_X9SCM.xml
platform_H8DG6.xml              platform_H8QGI_AI034.xml       
platform_X8DTNplus.xml          platform_X8SIL.xml             
platform_X9SRA.xml
platform_H8DGG.xml              platform_H8SCM.xml             
platform_X8DTT.xml              platform_X8SIL_SIOM.xml        
platform_X9SRI.xml
platform_H8DGT.xml              platform_H8SGL.xml             
platform_X8DTU-F.xml            platform_X8SIT.xml
platform_H8DGT_HF_AI034.xml     platform_X7SPA.xml             
platform_X8DTU.xml              platform_X8SIU.xml
platform_H8DGT_HIBQF_AI034.xml  platform_X7SPT.xml             
platform_X8DTU_6TF.xml          platform_X8STE.xml
==


Yours sincerly,

Floris Bos

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ