VERT Alert - Supermicro IPMI/BMC Plaintext Password Disclosure


Vulnerability Description

Supermicro’s implementation of IPMI/BMC allows remote, unauthenticated attackers to request the file PSBlock via port 49152. This plaintext password file contains IPMI username and password information.

Exposure & Impact

An attacker could gain credentialed to access via IPMI on vulnerable Supermicro systems. Supermicro IPMI allows remote graphical and text-based console access to a system, which gives an attacker a great deal of flexibility. Current reports indicate that nearly 32,000 hosts that are vulnerable to this issue are accessible on the Internet.

Remediation & Mitigation

The latest firmware offerings from Supermicro are not vulnerable, users that can flash their firmware should do so immediately.

The referenced blog post below contains information on a temporary mitigation in cases where flashing the firmware is not a possibility.



ASPL-568 will ship with detection for this vulnerability. In the meantime, customers can insert the following custom vulnerability to provide detection if they require immediate coverage can insert this rule and associate with the HTTP application. Scans will need to be run with Enhanced App Scan enabled.

rule.SEND("GET /PSBlock HTTP/1.0\r\n\r\n")
strHeaders = rule.buffer
strPSBlock = rule.buffer
if 'admin' in strPSBlock:



Threat Email Updates

Receive the latest Threat Alerts directly in your inbox:

Press Contacts

Cindy Valladares
Director of Corporate Communications