IPMI v2.0 Password Hash Disclosure

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote host supports IPMI version 2.0.

Description :

The remote host supports IPMI v2.0. The Intelligent Platform
Management Interface (IPMI) protocol is affected by an information
disclosure vulnerability due to the support of RMCP+ Authenticated
Key-Exchange Protocol (RAKP) authentication. A remote attacker can
obtain password hash information for valid user accounts via the HMAC
from a RAKP message 2 response from a BMC.

See also :

http://fish2.com/ipmi/remote-pw-cracking.html

Solution :

There is no patch for this vulnerability; it is an inherent problem
with the specification for IPMI v2.0. Suggested mitigations include :

- Disabling IPMI over LAN if it is not needed.

- Using strong passwords to limit the effectiveness of
off-line dictionary attacks.

- Using Access Control Lists (ACLs) or isolated networks
to limit access to your IPMI management interfaces.
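
The ACL and "disable if not needed" mitigations can be checked against observed traffic. The following is an added example, not part of the original plugin text; it assumes IPMI over LAN on its standard UDP port 623, and the network ranges and flow-record format are constructed for illustration.

```python
import ipaddress

IPMI_PORT = 623  # IPMI over LAN (RMCP/RMCP+) uses UDP port 623

# Assumed for this example: who may talk to BMCs, and where BMCs live.
MGMT_SOURCES = [ipaddress.ip_network("10.20.0.0/24")]
BMC_NETWORKS = [ipaddress.ip_network("10.99.0.0/16")]

# Constructed flow records: "src dst proto dport action"
SAMPLE_FLOWS = """\
10.20.0.15 10.99.1.10 udp 623 ACCEPT
192.168.5.77 10.99.1.10 udp 623 ACCEPT
192.168.5.77 10.99.1.11 udp 623 DROP
10.20.0.15 10.99.1.10 tcp 443 ACCEPT
172.16.4.9 10.50.3.3 udp 623 ACCEPT
malformed line
"""


def in_any(addr, networks):
    return any(addr in net for net in networks)


def find_ipmi_exposure(flow_text, mgmt=MGMT_SOURCES, bmcs=BMC_NETWORKS):
    """Return (line_no, src, dst, reason) for permitted IPMI flows that break policy."""
    findings = []
    for line_no, line in enumerate(flow_text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        src_s, dst_s, proto, dport, action = fields
        try:
            src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
            port = int(dport)
        except ValueError:
            continue  # skip records with unparsable addresses or ports
        if proto.lower() != "udp" or port != IPMI_PORT or action.upper() != "ACCEPT":
            continue  # only permitted IPMI-over-LAN traffic matters here
        if not in_any(dst, bmcs):
            reason = "IPMI reachable on host outside BMC network"
        elif not in_any(src, mgmt):
            reason = "source outside management ACL"
        else:
            continue  # management host talking to a known BMC: allowed
        findings.append((line_no, src_s, dst_s, reason))
    return findings


if __name__ == "__main__":
    for finding in find_ipmi_exposure(SAMPLE_FLOWS):
        print(finding)
```

A finding of the first kind points at a host where IPMI over LAN may be enabled without need; the second kind points at a gap in the ACL in front of a known BMC.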

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N)
CVSS Temporal Score : 7.8
(CVSS2#E:ND/RL:U/RC:ND)
Public Exploit Available : true

Family: General

Nessus Plugin ID: 80101

Bugtraq ID: 61076

CVE ID: CVE-2013-4786
