IPMI/BMC vulnerabilities

notFound

Don't take me seriously!
Verified Provider
Pretty sure that was an old vulnerability or maybe that's another or an imaginary one I was thinking of.
 

kaniini

Beware the bunny-rabbit!
Verified Provider
This is why the BMCs should be on a private network not accessible from the internet, where the only external access is through a VPN.
 

jarland

The ocean is digital
Does anyone actually have BMCs facing the open internet?
Every WSI/Datashack customer who requests IPMI and doesn't secure it, if you can even do that with the trashy one they use, certainly does. Google indexes a lot of these things. It's an all-you-can-eat buffet of wide open onboard IPMI. Googling for fun I see universities, large corporations, and even government entities with the login pages publicly accessible.
 