Discussion:
[Ipmitool-devel] ipmi ciphers
Tom Luong
2014-04-08 21:16:38 UTC
Sorry for sending this out to the mailing list.

I just had a security assessment in my network and tons of IPMI-related vulnerabilities came up. Most were weak cipher suites and medium strength ciphers supported. Has anyone tried to harden IPMI?

When I tried to disable some cipher suites, I can't log in via the web UI or SSH.


Here are the default settings:
Set in Progress         : Set Complete
Auth Type Support       : MD2 MD5 OEM
Auth Type Enable        : Callback : MD2 MD5 OEM
                        : User     : MD2 MD5 OEM
                        : Operator : MD2 MD5 OEM
                        : Admin    : MD2 MD5 OEM
                        : OEM      :
IP Address Source       : Static Address
IP Address              : 10.93.8.139
Subnet Mask             : 255.255.252.0
MAC Address             : 00:25:90:58:18:20
SNMP Community String   : AMI
IP Header               : TTL=0x00 Flags=0x00 Precedence=0x00 TOS=0x00
BMC ARP Control         : ARP Responses Enabled, Gratuitous ARP Disabled
Gratituous ARP Intrvl   : 0.0 seconds
Default Gateway IP      : 10.93.8.1
Default Gateway MAC     : 00:00:00:00:00:00
Backup Gateway IP       : 0.0.0.0
Backup Gateway MAC      : 00:00:00:00:00:00
802.1q VLAN ID          : Disabled
802.1q VLAN Priority    : 0
RMCP+ Cipher Suites     : 1,2,3,6,7,8,11,12,0
Cipher Suite Priv Max   : aaaaXXaaaXXaaXX
                        :     X=Cipher Suite Unused
                        :     c=CALLBACK
                        :     u=USER
                        :     o=OPERATOR
                        :     a=ADMIN
                        :     O=OEM


I tried to enable access to the admin user using cipher suites 8 and 12. When I set it to the following, I get "login failed" in both web UI and SSH.

Cipher Suite Priv Max : XXXXXXXXaXXXaXX


Here are the ciphers supported on my SuperMicro machines.
ipmitool channel getciphers ipmi 1
ID   IANA    Auth Alg        Integrity Alg   Confidentiality Alg
0    N/A     none            none            none
1    N/A     hmac_sha1       none            none
2    N/A     hmac_sha1       hmac_sha1_96    none
3    N/A     hmac_sha1       hmac_sha1_96    aes_cbc_128
6    N/A     hmac_md5        none            none
7    N/A     hmac_md5        hmac_md5_128    none
8    N/A     hmac_md5        hmac_md5_128    aes_cbc_128
11   N/A     hmac_md5        md5_128         none
12   N/A     none            md5_128         aes_cbc_128


There are no logs since the IPMI filesystem is mounted read-only. Can anyone please help?

Thanks,
Tom
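
As an added example (not part of the original post, and not ipmitool's own code): a small Python audit that decodes a Cipher Suite Priv Max string by position, which per the ipmitool man page maps character i to cipher suite ID i, and cross-checks it against the getciphers table quoted above. The flagging rule (any `none` or MD5-based algorithm) is an assumed policy, the function names are hypothetical, and the sample table is copied from the post.

```python
# Added example. GETCIPHERS is the `ipmitool channel getciphers ipmi 1`
# output as quoted in the post; the flagging policy is an assumption.
PRIV_NAMES = {"X": None, "c": "CALLBACK", "u": "USER",
              "o": "OPERATOR", "a": "ADMIN", "O": "OEM"}
FIELDS = ("auth", "integrity", "confidentiality")
GETCIPHERS = """\
ID IANA Auth Alg Integrity Alg Confidentiality Alg
0 N/A none none none
1 N/A hmac_sha1 none none
2 N/A hmac_sha1 hmac_sha1_96 none
3 N/A hmac_sha1 hmac_sha1_96 aes_cbc_128
6 N/A hmac_md5 none none
7 N/A hmac_md5 hmac_md5_128 none
8 N/A hmac_md5 hmac_md5_128 aes_cbc_128
11 N/A hmac_md5 md5_128 none
12 N/A none md5_128 aes_cbc_128
"""

def parse_getciphers(text):
    """Return {suite_id: (auth, integrity, confidentiality)}; skips the header."""
    suites = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0].isdigit():
            suites[int(parts[0])] = tuple(parts[2:5])
    return suites

def decode_priv_max(privs):
    """Map each enabled suite ID (= character position) to its max privilege."""
    if len(privs) != 15 or any(ch not in PRIV_NAMES for ch in privs):
        raise ValueError("expected 15 characters drawn from XcuoaO")
    return {i: PRIV_NAMES[ch] for i, ch in enumerate(privs) if ch != "X"}

def audit(getciphers_text, privs):
    """Return (suite_id, max_priv, findings) for every suite the string enables."""
    suites = parse_getciphers(getciphers_text)
    report = []
    for sid, priv in sorted(decode_priv_max(privs).items()):
        algs = suites.get(sid)
        if algs is None:
            findings = ["enabled but not offered by the BMC"]
        else:  # assumed policy: flag missing protection and MD5-based algorithms
            findings = [f"{name}={alg}" for name, alg in zip(FIELDS, algs)
                        if alg == "none" or "md5" in alg]
        report.append((sid, priv, findings))
    return report

if __name__ == "__main__":
    for privs in ("aaaaXXaaaXXaaXX", "XXXXXXXXaXXXaXX"):  # both strings from the post
        print(privs)
        for sid, priv, findings in audit(GETCIPHERS, privs):
            print(f"  suite {sid:2} max={priv:8} {', '.join(findings) or 'ok'}")
```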
