IPMI v2.0 Password Hash Disclosure漏洞 漏洞描述:远程主机支持IPMI v2.0智能平台,由于支持RMCP+认证密钥交换协议(RAKP)认证,管理接口(IPMI)协议受到信息泄露漏洞的影响。远程攻击者可以通过HMAC从BMC的RAKP message 2响应中获取有效用户帐户的密码哈希信息,从而实施离线口令猜测攻击。 涉及端口:623 加固措施:根据《漏洞...
Severity:High ID:80101 File Name:ipmi_passhash_disclosure.nasl Version:1.7 Type:remote Family:General Published:12/18/2014 Updated:6/12/2020 Supported Sensors:Nessus Risk Information VPR Risk Factor:Medium Score:4.4 CVSS v2 Risk Factor:High ...
漏洞扫描器Nessus提供了一个插件,插件ID为80101 (IPMI v2.0 Password Hash Disclosure)有助于判断目标环境中是否存在缺陷, 它已分配至系列:General, 商业漏洞扫描器Qualys能够使用插件43393 (IPMI 2.0 RAKP Authentication Remote Password Hash Retrieval Vulnerability)检测此问题。
Item # 1 2 Vulnerability ID CVE-2013-4786 80101 Score Source CVSS 3.0 Nessus Score 7.5 High 7.8 High Summary IPMI: Leakage of password hashes via RAKP authentication [1] IPMI v2.0 Password Hash Disclosure [2] AFFECTED PLATFORMS AND RELEASES Affected A10 Thunder platforms with LOM/IPMI ports ...
Supermicro has had some issues with password file disclosure from their BMC - for instance, see this and other write-ups: a-penetration-testers-guide-to-ipmi To use this script simply say: dump_SM.pypassword_file Works for me, no warranty implied, guaranteed, etc. ...
It is with respect to these and other considerations that the disclosure made herein is presented. SUMMARY Technologies are described herein for a representational state transfer (“REST” or “RESTful”) over IPMI interface for firmware to BMC communication and applications thereof. These applications...
IPMI v2.0 Password Hash Disclosure漏洞 漏洞描述:远程主机支持IPMI v2.0智能平台,由于支持RMCP+认证密钥交换协议(RAKP)认证,管理接口(IPMI)协议受到信息泄露漏洞的影响。远程攻击者可以通过HMAC从BMC的RAKP message 2响应中获取有效用户帐户的密码哈希信息,从而实施离线口令猜测攻击。