This password leakage vulnerability called IPMI is the abbreviation for Intelligent Platform Management Interface, which is an industry standard used to manage peripheral devices used in Intel based enterprise systems. The standard was developed by companies such as Intel, HP, NEC, Dell computers, and SuperMicro in the United States. IPMI is an open standard hardware management interface specification that defines specific methods for communication between embedded management subsystems. IPMI information is communicated through the Baseboard Management Controller (BMC) (located on IPMI specification hardware components).
Simply put, with IPMI, users can use it to monitor the physical health characteristics of servers, such as temperature, voltage, fan operation status, power status, etc. More importantly, they can install the system, turn on/off, and view the output of the server screen, just like standing in front of the server.
And IPMI can be managed through the web, entering the management interface through port 80, where account password authentication is required, and this vulnerability precisely leaks the password information of this authentication.
Experts from Shanli Wangan remind that this password leakage vulnerability can allow attackers to obtain management passwords without authentication. Once hackers gain high privileges on the server, the serious consequences can be imagined. Therefore, all servers affected by this vulnerability should contact the manufacturer as soon as possible to upgrade. To avoid the consequences of information leakage caused by the vulnerability, flexible and targeted encryption software should be used to encrypt important data, effectively preventing information leakage.