This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote IPMI service is affected by an authentication bypass.
The IPMI service listening on the remote system has cipher suite zero
enabled, which permits logon as an administrator without requiring a
password. Once logged in, a remote attacker may perform a variety of
actions, including powering off the remote system.
Note that this plugin checks generically for the Cipher Suite Zero
authentication bypass vulnerability using a number of common accounts.
See also :
Disable cipher suite zero or limit access to the IPMI service.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 9.5
Public Exploit Available : true