SuperMicro IPMI PSBlock File Plaintext Password Disclosure

critical Nessus Plugin ID 76213


The remote device is affected by an information disclosure vulnerability.


The remote SuperMicro IPMI device is affected by an information disclosure vulnerability because it exposes all usernames and passwords in plaintext via the PSBlock file. A remote, unauthenticated attacker can exploit this vulnerability to download all usernames and passwords and gain a shell on the device.


Upgrade to the latest BIOS version.

See Also

Plugin Details

Severity: Critical

ID: 76213

File Name: supermicro_psblock_password_disclosure.nasl

Version: Revision: 1.6

Type: combined

Published: 6/25/2014

Updated: 11/20/2017

Dependencies: upnp_www_server.nasl, ssh_get_info.nasl

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/h:supermicro:bmc

Exploited by Nessus: true

Vulnerability Publication Date: 6/19/2014