Unsolved
This post is more than 5 years old
IDRAC6 IPMI 2.0 Cipher Type Zero Authentication Bypass Vulnerability
We have an R610 server with an IDRAC6 Monolithic interface at version 1.95. The below IDRAC6 vulnerability was recently identified. Is anyone aware of any plans to patch the below vulnerability on the IDRAC6 Monolithic?
IDRAC6 Home Page: http://en.community.dell.com/techcenter/systems-management/w/wiki/4357.idrac6-home.aspx#exe_summary
Vulnerability Name: IPMI 2.0 Cipher Type Zero Authentication Bypass Vulnerability
Vulnerability Description: The IPMI 2.0 specification supports a cipher with identifier 0. Many vendors have implemented this cipher, which allows for complete bypass of the IPMI authentication process.
URL: removed
Thank you for reviewing this post.
Eric
DELL-Josh Cr
Moderator
July 29th, 2013 09:00
Please do not post links to exploits. IPMI over LAN is disabled by default, so local access would be needed unless this feature was enabled. http://en.community.dell.com/techcenter/systems-management/w/wiki/4929.how-to-check-if-ipmi-cipher-0-is-off.aspx
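One way to check whether cipher suite 0 is usable on a BMC you administer, as an added example that is not part of this thread or of Dell's documentation: it parses the `RMCP+ Cipher Suites` and `Cipher Suite Priv Max` fields that `ipmitool lan print` reports and looks up the privilege letter mapped to suite 0. The function names, the channel number in the usage comment, and both sample outputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit `ipmitool lan print` output for cipher suite 0.
# Usage on a real host (channel 1 is an assumption): ipmitool lan print 1 | audit_cipher0

# Reads the output on stdin. Prints the privilege letter mapped to suite 0,
# "absent" if suite 0 is not listed, or "unknown" if the fields cannot be read.
# The n-th letter of "Cipher Suite Priv Max" belongs to the n-th listed suite ID.
cipher0_priv() {
    awk -F': *' '
        /^RMCP\+ Cipher Suites/  { suites = $2 }
        /^Cipher Suite Priv Max/ { privs = $2 }
        END {
            gsub(/[ \t\r]/, "", suites); gsub(/[ \t\r]/, "", privs)
            if (suites == "" || privs == "") { print "unknown"; exit }
            n = split(suites, id, ",")
            for (i = 1; i <= n; i++)
                if (id[i] == "0") {
                    c = substr(privs, i, 1)
                    if (c !~ /^[XcuoaO]$/) c = "unknown"
                    print c; exit
                }
            print "absent"
        }'
}

# Exit 0: suite 0 unusable. Exit 1: suite 0 grants a privilege level. Exit 2: undetermined.
audit_cipher0() {
    case "$(cipher0_priv)" in
        X|absent)  echo "OK: cipher suite 0 is disabled"; return 0 ;;
        c|u|o|a|O) echo "FAIL: cipher suite 0 is enabled"; return 1 ;;
        *)         echo "UNKNOWN: could not read cipher suite settings"; return 2 ;;
    esac
}

# Constructed sample outputs (not captured from a real iDRAC).
SAMPLE_WEAK='IP Address              : 192.0.2.10
RMCP+ Cipher Suites     : 0,1,2,3
Cipher Suite Priv Max   : aaaaXXXXXXXXXXX
                        :     X=Cipher Suite Unused'
SAMPLE_FIXED='IP Address              : 192.0.2.10
RMCP+ Cipher Suites     : 0,1,2,3
Cipher Suite Priv Max   : XaaaXXXXXXXXXXX'

printf '%s\n' "$SAMPLE_WEAK"  | audit_cipher0 || true
printf '%s\n' "$SAMPLE_FIXED" | audit_cipher0 || true
```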
TheLonelySysAdmin
August 21st, 2018 08:00
Great non-response. This is a serious vulnerability and all you said is "don't talk about it". Nowhere can I find a fix for this in the 2.x firmware. What a joke.