http://arstechnica.com/security/2014/06/at-least-32000-servers-broadcast-admin-passwords-in-the-clear-advisory-warns/
By Dan Goodin
Ars Technica
June 19, 2014
An alarming number of servers containing motherboards manufactured by
Supermicro continue to expose administrator passwords despite the release
of an update that patches the critical vulnerability, an advisory
published Thursday warned.
The threat resides in the baseboard management controller (BMC), a
motherboard component that lets administrators monitor the physical
status of large fleets of servers, including their temperatures, disk and
memory performance, and fan speeds. Unpatched BMCs in Supermicro
motherboards contain a binary file that stores the remote login passwords
in clear text, and that file is exposed on TCP port 49152, so vulnerable
systems can be detected by performing an Internet scan of that port. A
recent query on the Shodan search engine indicated there are 31,964
machines still vulnerable, a figure that counts physical hosts only and so
leaves out the many virtual machines running on them in shared hosting
environments.
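For administrators who want to check their own fleet rather than rely on Shodan, the following is an added example (not code from the Ars Technica article, from CARInet, or from Supermicro). It probes TCP port 49152 on each host with a plain HTTP GET and classifies the answer. The port is the one named above; everything else is an assumption: that the BMC speaks plain HTTP on that port, and the file path (/PSBlock, the file name given in the CARInet advisory; the excerpt above does not name it, so adjust it if your firmware differs). The sample responses at the bottom are constructed so the classifier can be exercised offline.

```python
"""Probe hosts for a Supermicro-style BMC credential file on TCP 49152.

Added example; not the article's, CARInet's, or Supermicro's code.
Assumptions (not in the excerpt): the BMC answers plain HTTP on PORT, and the
credential file is fetched with a GET on PATH.  Run only against hosts you
are authorized to test.
"""
import socket
import sys

PORT = 49152
PATH = "/PSBlock"   # assumed path: file name from the CARInet advisory
TIMEOUT = 5.0


def parse_http_response(raw):
    """Split a raw HTTP response into (status_code, body).

    Returns (None, raw) when the bytes do not look like an HTTP response.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return None, raw
    parts = head.split(b"\r\n", 1)[0].split()
    if len(parts) < 2 or not parts[1].isdigit():
        return None, raw
    return int(parts[1]), body


def printable_strings(blob, min_len=4):
    """Return runs of printable ASCII in a binary blob (like the `strings` tool)."""
    out, run = [], []
    for b in blob:
        if 0x20 <= b <= 0x7E:
            run.append(chr(b))
        else:
            if len(run) >= min_len:
                out.append("".join(run))
            run = []
    if len(run) >= min_len:
        out.append("".join(run))
    return out


def classify(status, body, min_strings=2):
    """Classify one probe result.

    'exposed' : HTTP 200 with a non-HTML body holding printable runs, i.e. the
                file was served with no authentication; review it by hand.
    'webpage' : HTTP 200 but an HTML page (the BMC UI, not the file).
    'empty'   : HTTP 200 with nothing recognisable in the body.
    'blocked' : any other status (401/403/404 ...).
    'unknown' : not an HTTP response at all.
    """
    if status is None:
        return "unknown"
    if status != 200:
        return "blocked"
    lead = body.lstrip()[:64].lower()
    if lead.startswith(b"<") or b"<html" in lead:
        return "webpage"
    if len(printable_strings(body)) >= min_strings:
        return "exposed"
    return "empty"


def fetch(host, port=PORT, path=PATH, timeout=TIMEOUT):
    """GET `path` from host:port over raw HTTP/1.0 and return (status, body)."""
    req = (f"GET {path} HTTP/1.0\r\nHost: {host}\r\n"
           f"Connection: close\r\n\r\n").encode()
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(req)
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return parse_http_response(b"".join(chunks))


def scan(hosts, port=PORT, path=PATH, timeout=TIMEOUT):
    """Probe every host and return {host: verdict}; network errors -> 'unreachable'."""
    results = {}
    for host in hosts:
        try:
            results[host] = classify(*fetch(host, port, path, timeout))
        except OSError:
            results[host] = "unreachable"
    return results


# Constructed sample responses (not captured from real hardware) for offline checks.
SAMPLE_EXPOSED = (b"HTTP/1.0 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
                  b"\x01\x00ADMIN\x00\x00\x00ADMIN\x00\x00\x00\x02\x00")
SAMPLE_DENIED = b"HTTP/1.0 404 Not Found\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    for host, verdict in scan(sys.argv[1:]).items():   # usage: script.py host ...
        print(f"{host}\t{verdict}")
```

A host reported as "exposed" needs more than the firmware update mentioned above: the credentials on it should be treated as already public and rotated, and port 49152 on the BMC should be unreachable from the Internet, ideally by keeping BMCs on an isolated management network rather than on a public address at all.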
"This means at the point of this writing, there are 31,964 systems that
have their passwords available on the open market," wrote Zachary Wikholm,
a senior security engineer with the CARInet Security Incident Response
Team. "It gets a bit scarier when you review some of the password
statistics. Out of those passwords, 3,296 are the default combination.
Since I'm not comfortable providing too much password information, I will
just say that there exists a subset of this data that either contains or
just was 'password.'"
A separate blog post from security training institute Sans confirmed the
contents of the advisory.
[...]