Posts: 6,462
Topics: 4,313
Kudos: 8,220
Registered: ‎06-12-2013

More than 32000 servers expose admin passwords in the clear

by paganinip on June 20th, 2014

 

Servers exposed.

 

More than 32000 servers containing motherboards manufactured by Supermicro expose admin passwords in the clear; it is a godsend for hackers.

A significant number of servers containing motherboards manufactured by Supermicro expose administrator passwords. The situation is worrying considering that the problem is well known and a series of patches has already been released to fix the critical vulnerability, as explained by experts on the CARI.net team.

The flaw relates to a component in the baseboard management controller (BMC), which allows administrators to monitor physical parameters (e.g. temperatures, fan speed, disk and memory performance) of a large number of servers. The controller in Supermicro motherboards contains a binary file which contains remote login passwords in clear text.

 

Full Article.

Sr. Community Leader

Posts: 5,702
Kudos: 4,632
Registered: ‎10-28-2012

Re: More than 32000 servers expose admin passwords in the clear

Heaven help us from Admins and IT who fail to keep up with news and announcements, not just on software, but on the hardware and Firmware as well.

 



David, (shorTcircuiT)

      




"If you don't learn something new every day, you need to pay more attention. I often get my daily learning here so grab a chair and stay a while!"

WSA-Complete (Beta PC), WSA Mobile (Android), WSA Business Mobile (Android) WSA-Endpoint (PC- Some of the time.....)
Posts: 6,462
Topics: 4,313
Kudos: 8,220
Registered: ‎06-12-2013

Re: More than 32000 servers expose admin passwords in the clear

I agree David totally, they should be on top of things like this, when the problems are well known there is no excuse.

Sr. Community Leader

Community Leader
Posts: 423
Registered: ‎04-11-2014

Re: More than 32000 servers expose admin passwords in the clear


Jasper_The_Rasper wrote:

I agree David totally, they should be on top of things like this, when the problems are well known there is no excuse.


At the risk of sounding redundant, I know on another thread somewhere around here, I stated that it seems as if QA has gone out the window.  Rather than being "on top of" or "ahead of" the game, it feels like all we are doing is being reactive to the latest hack, virus, no longer supported OS, etc.

 

Whatever happened to being "pro-active"?


During my final year of college, I was fortunate enough to do a part-time internship with a very small company in NJ.  The task at hand was updating their manufacturing system — written in Business Basic — to allow for [ any guesses? ] yup, Y2K.

 

I received my degree in December of 1998, so, they were quite proactive IMHO allowing over two and a half years to update, de-bug, test and re-test and QA the new software.  It was fun!  Boring at times, but fun.  I even followed up with the owner after the ball dropped on New Year's Eve and all "heck" was supposedly going to break loose.  All was well!

 

If anyone wants to reminisce, Wikipedia has quite a good read about the subject: http://en.wikipedia.org/wiki/Y2K

— Jeff
Webroot Business Ambassador   Webroot Senior Community Leader
Posts: 6,462
Topics: 4,313
Kudos: 8,220
Registered: ‎06-12-2013

Re: More than 32000 servers expose admin passwords in the clear

You are exactly right, everyone is always playing catch-up.

We may both be employed in totally different careers but are similar. I went to college and finished in 1984 and we were taught how to do a job properly from the start to the finish on the understanding that if you do it right to start with it saves going back and having to redo it later, cutting out the hassle.

I realise there are those who are on top of the game but obviously there are some who are not and they make people cast doubt over the whole industry, maybe it is cost cutting I do not know but that is the route that seems to be the trend these days.

Sr. Community Leader

Community Guide
Posts: 228
Registered: ‎06-04-2014

Re: More than 32000 servers expose admin passwords in the clear


DavidP1970 wrote:

Heaven help us from Admins and IT who fail to keep up with news and announcements, not just on software, but on the hardware and Firmware as well.

 



 

The challenge is to have the time and the money to solve every single security issue which comes up. Besides that there's still lots of work: securing the network, managing access, monitoring, penetration tests, ... That's a full-time job, but how many companies can afford a CISO? For smaller companies it's even a problem to have a real IT person.

Community Guide



-Webroot Endpoint Protection user-
Posts: 5,702
Kudos: 4,632
Registered: ‎10-28-2012

Re: More than 32000 servers expose admin passwords in the clear

Yes, I know, and point well taken.  At the same time, this is not something that is checked daily... a regular schedule of maintaining is incredibly important.  I would not expect to see patches installed on every server affected within days of patch deploy, but time must be made for at least some form of regular checks to be made.


David, (shorTcircuiT)

      

Community Guide
Posts: 228
Registered: ‎06-04-2014

Re: More than 32000 servers expose admin passwords in the clear

That's why I try to create processes for such tasks, put them on paper and assign schedules; this makes life much easier.

Community Guide



-Webroot Endpoint Protection user-
Posts: 891
Topics: 177
Kudos: 601
Registered: ‎10-03-2012

Re: More than 32000 servers expose admin passwords in the clear

Thanks for posting and sharing Jasper!

More than 32000? It sounds absolutely incredible.
And what's worse, these stats are still growing...

Sr. Community Leader

Beta Tester



WEBROOT® SecureAnywhere™ Internet Security Complete Beta v8.0.8.89

Posts: 371
Topics: 24
Kudos: 217
Registered: ‎08-29-2012

Re: More than 32000 servers expose admin passwords in the clear

Thing is, companies rely on IT and it's their most precious resource to them, yet they neglect it and spend as little as they can on it.

Sr. Community Guide