IPMI 2.0 Cipher Type Zero Authentication Bypass Vulnerability
|10||(AV:N/AC:L/Au:N/C:C/I:C/A:C)||February 12, 2004||July 06, 2013||December 23, 2013|
The IPMI 2.0 specification supports a cipher with identifier 0. Many vendors have implemented this cipher, which allows for complete bypass of the IPMI authentication process.
Free Nexpose Download
Discover, prioritize, and remediate security risks today!
- Change the affected IPMI setting
Consult your vendor's documentation for ways to change this setting:
- Disable IPMI
Disable IPMI entirely using the links below or by consulting your vendor's documentation:
- Restrict access to IPMI service(s)
Restrict access the affected IPMI service(s) using a firewall or other appropriate technology
- Apply vendor-supplied IPMI update
Apply a vendor-supplied update for this vulnerability, if possible and applicable
- Change default account names and passwords on HP Integrated Lights-Out (iLO) devices
Immediately after installation, change all default installed accounts to use a unique and secure password. When possible, change default account names to custom names as well.