[Info-vax] Temperature information via OpenVMS
Jairo Alves
jairo.ptbr at gmail.com
Wed May 9 14:55:34 EDT 2018
On Tuesday, May 8, 2018 11:37:32 UTC-3, Stephen Hoffman wrote:
>
> Both of which are known to be insecure on OpenVMS. SMH on OpenVMS —
> which is the source of SNMP MIBs for OpenVMS — has had numerous
> security flaws that have been patched on Linux and Windows, and one or
> two of which I've been able to replicate on OpenVMS when exploits were
> available, and the SNMP implementation is SNMPv2 which is insecure.
> The iLO IPMI service can be queried for hashed passwords, and the hash
> uses a format that can be easily brute-forced. Isolate these
> services, if planning to use them.
>
>
> --
> Pure Personal Opinion | HoffmanLabs LLC
Thanks for the info, Hoff.
I'm curious about guessing the password on IPMI. Do people get the hashed value and then brute force it on their computers to guess the password?
In my case, I remember I created a new user with a random pass. I guess one cannot specify the user to be read-only on ilo2/rx2660. Maybe it's possible, but I didn't do it. On the other hand, on Proliants that's trivial, since the web interface manages the users and we can create them very limited. So even if their passes are cracked, the vulnerability is not very serious.
I'm not talking about internet facing servers, of course.