SuperMicro IPMI PSBlock File Plaintext Password Disclosure

Critical Nessus Plugin ID 76213


The remote device is affected by an information disclosure vulnerability.


The remote SuperMicro IPMI device is affected by an information disclosure vulnerability because it exposes all usernames and passwords in plaintext via the PSBlock file. A remote, unauthenticated attacker can exploit this vulnerability to download all usernames and passwords and gain a shell on the device.


Upgrade to the latest BIOS version.

See Also

Plugin Details

Severity: Critical

ID: 76213

File Name: supermicro_psblock_password_disclosure.nasl

Version: $Revision: 1.6 $

Type: combined

Published: 2014/06/25

Modified: 2017/11/20

Dependencies: 35712, 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C


Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/h:supermicro:bmc

Exploited by Nessus: true

Vulnerability Publication Date: 2014/06/19