freeipmi-devel

Re: [Freeipmi-devel] The Infamous Cipher Zero, I presume?


From: dan farmer
Subject: Re: [Freeipmi-devel] The Infamous Cipher Zero, I presume?
Date: Fri, 22 Feb 2013 10:44:50 -0800

On Feb 22, 2013, at 10:30 AM, Albert Chu <address@hidden> wrote:

>> I'd love to hear about the vendors that do have this on or off by 
>> default.
> 
> I know I've seen some vendors not disable it by default (and did not
> disable IPMI 1.5's "none" authentication), but I can't recall who.

It seemed rather alarming when I tested 3 vendors and they all had it on ;)

Hard to believe I just got lucky or something.  If it's rather pervasive,
that means that most BMCs in the world essentially don't have a 
password out of the box, even if you think you put a password in place.

> A random thought/comment.  I do know many vendors do not write their own
> IPMI firmware, it usually comes from another company.  I have this
> feeling that many of the defaults actually come from the common "parent" of
> the firmware, not the vendor itself.

Amen to this - but looking at the data there are lots of minor 
differences even on the same chip (in the micro lab I have, at least.)

I made a tool to take all the configs and suck them into JSON for
processing/viewing/storage; it makes it pretty trivial to search for 
things with a scripting language (python/javascript/whatever.)

WRT vendors I have a mental model that looks something like:

        original chip maker by vendor A
        OS & IPMI firmware placed on that by A or B
        firmware stack (things like SOL, virtual media, etc.) put on by B or C
        vendor stack (iDRAC, iLO, etc.) by B, C, or D

I'd guess up to 4, with a minimum of 2 vendors make these things, and
all settings can be or are changed along the way based on various
requirements.  I've found 7 low-level IPMI vendors (listed at the 
bottom of http://fish2.com/ipmi/); I'd guess they probably make 
anywhere from 70-90%+ of all BMCs, it's hard to tell.

-- d

¸¸.·´¯`·.¸><(((º>
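
An added example, not part of the original message and not the tool mentioned in it: a sketch of the kind of search described above, which loads one BMC configuration dump into a JSON-ready dict and flags cipher suite 0 and IPMI 1.5 "none" authentication. It assumes input in the Section/EndSection key-value layout with FreeIPMI-style key names; the sample text is constructed.

```python
import json

# Constructed sample, laid out like a FreeIPMI config checkout (assumed format).
SAMPLE = """\
Section Lan_Conf_Auth
    ## Possible values: Yes/No
    Callback_Enable_Auth_Type_None                No
    User_Enable_Auth_Type_None                    No
    Admin_Enable_Auth_Type_None                   Yes
    Admin_Enable_Auth_Type_MD5                    Yes
EndSection
Section Rmcpplus_Conf_Privilege
    ## Possible values: Unused/User/Operator/Administrator/OEM_Proprietary
    Maximum_Privilege_Cipher_Suite_Id_0           Administrator
    Maximum_Privilege_Cipher_Suite_Id_3           Administrator
EndSection
"""

def parse_config(text):
    """Turn Section/EndSection text into {section: {key: value}}."""
    config, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # skip blanks and comments
            continue
        if line.startswith("Section "):
            section = config.setdefault(line.split(None, 1)[1], {})
        elif line == "EndSection":
            section = None
        elif section is not None:
            parts = line.split(None, 1)           # key, then the rest as value
            if len(parts) == 2:
                section[parts[0]] = parts[1].strip()
    return config

def audit(config):
    """Return findings for cipher suite 0 and IPMI 1.5 'none' authentication."""
    findings = []
    rmcpp = config.get("Rmcpplus_Conf_Privilege", {})
    level = rmcpp.get("Maximum_Privilege_Cipher_Suite_Id_0")
    if level is not None and level != "Unused":
        findings.append(f"cipher suite 0 enabled up to {level}")
    for key, value in sorted(config.get("Lan_Conf_Auth", {}).items()):
        if key.endswith("_Enable_Auth_Type_None") and value == "Yes":
            findings.append(f"IPMI 1.5 'none' auth enabled: {key}")
    return findings

if __name__ == "__main__":
    cfg = parse_config(SAMPLE)
    print(json.dumps(cfg, indent=2))
    print("\n".join(audit(cfg)) or "no findings")
```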




