IPMI v2.0 Password Hash Disclosure

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.

Synopsis :

The remote host supports IPMI version 2.0.

Description :

The remote host supports IPMI v2.0. The Intelligent Platform
Management Interface (IPMI) protocol is affected by an information
disclosure vulnerability because it supports RMCP+ Authenticated
Key-Exchange Protocol (RAKP) authentication. A remote attacker can
obtain password hash information for valid user accounts from the HMAC
in a RAKP message 2 response from a BMC.

Solution :

There is no patch for this vulnerability; it is an inherent problem
with the specification for IPMI v2.0. Suggested mitigations include :

- Disabling IPMI over LAN if it is not needed.

- Using strong passwords to limit the success of
offline dictionary attacks.

- Using Access Control Lists (ACLs) or isolated networks
to limit access to your IPMI management interfaces.

Risk factor :

High / CVSS Base Score : 7.8
CVSS Temporal Score : 7.8
Public Exploit Available : true

Family: General

Nessus Plugin ID: 80101

Bugtraq ID: 61076

CVE ID: CVE-2013-4786
