博客

The Dangers of BMC’s and IPMI Highlighted by Security Researchers

Posted on July 26, 2013 by Gento

SecurityRecent articles in Network World, Dark Reading, Wired and Security Week have highlighted the shocking and widespread security vulnerabilities of Baseboard Management Controllers (BMC) (and the associated Intelligent Platform Management Interface (IPMI) protocol), used for remote server management by corporations, service providers and hosting companies.

BMC’s, available from all leading server manufacturers, have direct access to the server’s motherboard. This provides the ability to monitor, boot, and even reinstall the server. Many systems provide KVM-over-IP access and the connection of remote media. Access to the BMC provides virtually unlimited remote control of the server.

Two security researchers have identified these vulnerabilities: Dan Farmer, who originally discovered and documented the vulnerabilities, and HD Moore, who describes how to identify and test for these issues, using readily available security tools. Moore discovered over 300,000 IPMI-enabled vulnerable servers connected to the Internet, as well as additional vulnerabilities.

BMC/IPMI vulnerabilities include: Cyper 0 authentication allowing access with any password, BMC-provided password hashes which can be broken via brute force methods, BMC’s shipping with enabled “anonymous” access, a UPnP vulnerability that provides root access to the BMC, and storage of clear text passwords. Once the BMC is broken into there are multiple ways to infect, control and takeover the server. Conversely, for a compromised server, the BMC can be used to establish a backdoor user account.

All server administrators and security officers need to be aware of Farmer’s and Moore’s work and understand how it affects their servers. As IPMI and BMC implementations vary, consult your server manufacturer(s). Farmer provides IPMI security best practices and Moore provides a useful FAQ.

While this research is rather new and there is much to digest, Raritan’s experts do agree that there are indeed vulnerabilities that customers should take seriously. Given the power and opacity of the BMC, this is doubly true.

Moore: “In addition to vulnerabilities in the IPMI protocol itself, most BMCs seem to suffer from issues common across all embedded devices, namely default passwords, outdated open source software, and, in some cases, backdoor accounts and static encryption keys.”

Moore: “The world of BMCs is a mess that is not likely to get better anytime soon, and we need to be crystal clear about the risk these devices pose to our networks.”

Farmer: “Imagine trying to secure a computer with a small but powerful parasitic server on its motherboard; a bloodsucker that can’t be turned off and has no documentation; you can’t login, patch, or fix problems on it; server-based defensive, audit, or anti-malware software can’t be used. Its design is secret and implementation old.”

Farmer: “It’s also the perfect spy platform: nearly invisible to its host, it can fully control the computer’s hardware and software, and it was designed for remote control and monitoring.”

Other Blog Posts

The cascade effect of data center failure on businesses - why sensors are essential
Posted on November 5, 2023
人工智能的快速发展和使用力登PDU满足更高的电力需求
Posted on October 11, 2023
Data Center Report Fewer Outages, But Downtime Still Costly
Posted on September 20, 2023
Survey: Energy Usage and Staffing Shortages Challenge Data Centers
Posted on September 20, 2023
力登安全交换机(RSS):安全NIAP 4.0兼容式桌面型KVM
Posted on September 20, 2023

View all Blog Posts

力登官方微信公众号

力登官方微信公众号
cn-blogfollow

近期活动

New Zealand Cloud & Datacenter Convention 2022
3 November 2022, 9am – 4pm  •  Grand Millennium Hotel, Auckland, New Zealand
Data Centre World Singapore
12th – 13th Oct 2022
Korea Cloud & Datacenter Convention 2022
6th Oct 2022
Philippines Cloud & Datacenter Convention 2022
4th Aug 2022
JANOG50 Meeting Hokkaido
3th – 15th July 2022

View all Events

力登最新新闻

重振数据中心行业—罗格朗重磅推出两款革命性的智能机架式PDU!
Posted on May 1, 2023
独家专访丨惠州如何升级制造业?法资企业CEO提了个建议
Posted on December 2, 2021
力登公司推出MasterConsole®数字双显示器KVM切换器
Posted on February 18, 2021
Legrand Data, Power and Control Division Announced as Finalist in Six Categories at DCS Awards 2020
Posted on November 9, 2020
力登公司(Raritan)推出新型智慧型机架控制器(SRC),用于智能地管理数据中心和关键基础设施中的环境和安全信息
Posted on November 9, 2020

View all news