Re: [Freeipmi-devel] The Infamous Cipher Zero, I presume?
From: dan farmer
Subject: Re: [Freeipmi-devel] The Infamous Cipher Zero, I presume?
Date: Fri, 22 Feb 2013 10:44:50 -0800
On Feb 22, 2013, at 10:30 AM, Albert Chu <address@hidden> wrote:
>> I'd love to hear about the vendors that do have this on or off by
>> default.
>
> I know I've seen some vendors not disable it by default (and did not
> disable IPMI 1.5's "none" authentication), but I can't recall who.
It seemed rather alarming when I tested 3 vendors and they all had it on ;)
Hard to believe I just got lucky or something. If it's rather pervasive,
that means that most BMCs in the world essentially don't have a
password out of the box, even if you think you put a password in place.
> A random thought/comment. I do know many vendors do not write their own
> IPMI firmware, it usually comes from another company. I have this
> feeling that many of the defaults actually come from the common "parent" of
> the firmware, not the vendor itself.
Amen to this - but looking at the data there are lots of minor
differences even on the same chip (in the micro lab I have, at least.)
I made a tool to take all the configs and suck them into JSON for
processing/viewing/storage; it makes it pretty trivial to search for
things with a scripting language (python/javascript/whatever.)
WRT vendors I have a mental model that looks something like:
    original chip maker by vendor A
    OS & IPMI firmware placed on that by A or B
    firmware stack (things like SOL, virtual media, etc.) put on by B or C
    vendor stack (iDRAC, iLO, etc.) by B, C, or D
I'd guess up to 4, with a minimum of 2 vendors make these things, and
all settings can be or are changed along the way based on various
requirements. I've found 7 low-level IPMI vendors (listed at the
bottom of http://fish2.com/ipmi/); I'd guess they probably make
anywhere from 70-90%+ of all BMCs, it's hard to tell.
-- d
¸¸.·´¯`·.¸><(((º>
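
Added example, not part of the original message and not the tool mentioned in it: a small Python audit that loads a BMC config dump into a JSON-friendly dict and flags the two settings discussed in this thread, cipher suite 0 and IPMI 1.5 "none" authentication. It assumes the Section/EndSection text layout and key names of a FreeIPMI bmc-config checkout; the sample input is constructed.

```python
import json

# Constructed sample in the "Section ... EndSection" layout assumed for a
# FreeIPMI bmc-config checkout; not taken from a real BMC.
SAMPLE = """\
Section Lan_Conf_Auth
    ## Possible values: Yes/No
    Admin_Enable_Auth_Type_None                   Yes
    Admin_Enable_Auth_Type_MD5                    Yes
    User_Enable_Auth_Type_None                    No
EndSection
Section Rmcpplus_Conf_Privilege
    Maximum_Privilege_Cipher_Suite_Id_0           Administrator
    Maximum_Privilege_Cipher_Suite_Id_3           Administrator
EndSection
"""

def parse_config(text):
    """Turn section/key/value text into {section: {key: value}}."""
    config, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        if parts[0] == "Section" and len(parts) == 2:
            section = config.setdefault(parts[1], {})
        elif parts[0] == "EndSection":
            section = None
        elif section is not None:
            section[parts[0]] = parts[1] if len(parts) == 2 else ""
    return config

def audit(config):
    """Return findings for cipher suite 0 and IPMI 1.5 'none' auth."""
    findings = []
    for key, value in config.get("Rmcpplus_Conf_Privilege", {}).items():
        if key.endswith("Cipher_Suite_Id_0") and value.lower() != "unused":
            findings.append(f"cipher suite 0 allowed up to {value}")
    for key, value in config.get("Lan_Conf_Auth", {}).items():
        if key.endswith("Auth_Type_None") and value.lower() == "yes":
            findings.append(f"'none' authentication enabled: {key}")
    return findings

if __name__ == "__main__":
    cfg = parse_config(SAMPLE)
    print(json.dumps(cfg, indent=2))          # JSON form for storage/search
    for finding in audit(cfg):
        print("FINDING:", finding)
```

Running the same audit over dumps collected from several vendors' BMCs gives a per-host list of which ones ship with either setting enabled.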