 
So.. It's a binary log... Except the usernames and passwords part... I get it that this is a bug... But why in the hell would anybody in the first place want to log someone's passwords... NSA and associated company excluded.

/me wants to punch some faces over TCP/IP
 
Baseboard Management Controller (BMC) Vulnerability in Supermicro based 32,000 motherboards Exposes Server Admin Password in Plaintext on the Internet.

http://thehackernews.com/2014/06/bmc-vulnerability-in-32000-servers.html
 
The problem is only in IPMI, not leaking system passwords. And there is a patch. The source article complains that patching may not be practical, but if your architecture doesn't permit you to take PCs down for service, you have already failed.
 
Still, lots of damage could be done even with IPMI credentials. As for servicing... well yeah, you got your point there. I would only add that if you don't have your BMC on an isolated mgmt network, in either case of your architecture you are still in trouble.
 
Yes, you are a total nutball if you have IPMI on a front-facing interface. But you can't really trust that your networks will stay separated anyway...