Question |
We are using an X9DRW-IF with IPMI Version 2.59. We run a security scan software to check for possible vulnerabilities.
We found: - (IPMI 2.0 Cipher Type Zero Authentication Bypass Vulnerability - IPMI 2.0 RAKP Authentication Remote Password Hash Retrieval Vulnerability)
I was under the impression that firmware 2.59 had fixes for these vulnerabilities already built in. Can you confirm this is still a problem in this firmware version? |
|
Answer |
2.64 will have fix for -C 0 vulnerability
For RAKP, that is IPMI spec weakness, but we cannot do anything about that as it is IPMI spec. The workaround is enable SMC RAPK on web. But after that only web and our SMCIPMI tool can work as we didn’t follow the spec for this. Open source tool cannot work anymore. |
|
|
FAQ Stats |
FAQ ID |
Related Category / Keyword |
Date Posted |
Code |
20881 |
Hardware Monitoring:
- IPMI
|
06/05/15 |
|
Print Answer
|