So two things:
-For any IPMI device that implements IPMI 2.0:
ipmitool lan print
Look for:
Cipher Suite Priv Max : XXX
If the first character is not X, then anyone can get in without having
accurate auth data. If IPMITOOL is somehow fanagling it to be cipher suite
zero when passe
If you don't set the encryption key (leave it all 0's) does that mean you
have insecure communication? I know it's still encrypted, but does it imply
a known key, and anyone with a decent brain could decrypt your traffic
because of it?
-
