Language EN
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Eric87
Eric87
1 Copper
‎07-29-2013 09:17 AM

IDRAC6 IPMI 2.0 Cipher Type Zero Authentication Bypass Vulnerability

We have a R610 server with a IDRAC6 Monolithic interface at version 1.95. The below IDRAC6 vulnerability was recently identified. Is anyone aware of any plans to patch the below vulnerability on the IDRAC6 Monolithic?

IDRAC6 Home Page: http://en.community.dell.com/techcenter/systems-management/w/wiki/4357.idrac6-home.aspx#exe_summary

Vulnerability Name:  IPMI 2.0 Cipher Type Zero Authentication Bypass Vulnerability

Vulnerability Description:   The IPMI 2.0 specification supports a cipher with identifier 0. Many vendors have implemented this cipher, which allows for complete bypass of the IPMI authentication process.

URL: removed

Thank you for reviewing this post.

Eric

0 Kudos
Reply
2 Replies
DELL-Josh Cr
Moderator
Moderator
‎07-29-2013 09:47 AM

Re: IDRAC6 IPMI 2.0 Cipher Type Zero Authentication Bypass Vulnerability

Please do not post links to exploits. ipmi over lan is disbaled by default so local access would be needed unless this feature was enabled.  http://en.community.dell.com/techcenter/systems-management/w/wiki/4929.how-to-check-if-ipmi-cipher-0...

 

Thanks,
Josh Craig
Dell EMC Enterprise Support Services
Get support on Twitter @DellCaresPRO
0 Kudos
Reply
TheLonelySysAdmin
TheLonelySysAdmin
1 Copper
‎08-21-2018 08:19 AM

Re: IDRAC6 IPMI 2.0 Cipher Type Zero Authentication Bypass V

Great non response. This is a serious vulnerability and all you said is "don't talk about it". No where can I find a fix for this in the 2.x firmware.   What a joke.

0 Kudos
Reply