Using Supermicro IPMI over Internet Securely

K

KapsZ28

2[H]4U
Joined
May 29, 2009
Messages
2,114
Anyone know if you can definitely use a purchased SSL certificate with Supermicro IPMI and what protocol/cipher/hashes is supports? When I look at the Generate SSL certificate on the IPMI web portal, the max key length you can select is 1024 bit. I would want to use a wildcard certificate with higher security.
 
Last edited:
Yeah, in this case, you're gonna want a VPN. There have been a number of vulnerabilities in the SuperMicro IPMI firmware over the past couple years, and I don't think all of them were fixed. A couple are related to hardcoded SSH/SSL keys in the firmware and backdoor username/passwords.

Here's a couple articles:
http://www.pcworld.com/article/2061...mware-is-far-from-secure-researchers-say.html
http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras/

That 2nd one is ridiculous, admin passwords stored in a plaintext file you can access directly through the webserver without authentication.

Even though I haven't seen any new vulns in the past couple months, I'd never put one of these internet facing.
 
You must log in or register to reply here.
Back
Top