Return
-
Title
Security scan alert returns IPMI 2.0 RAKP Authentication Remote Password Hash Retrieval Vulnerability -
Description
IPMI 2.0 RAKP Authentication Remote Password Hash Retrieval Vulnerability is being returned by the scans of the Syslog-ng Storebox (SSB) Appliances. This has been flagged as a security vulnerability.
-
Cause
3rd party IPMI 2.0 chip vulnerability.
-
Resolution
This is not tied to a specific SSB version, but to the hardware that is in use. There is no fix for the IPMI Remote Password Hash Vulnerability from Supermicro and the manufacturer of the IPMI chip. Please ensure the following best practices from the manufacturer of the motherboard are implemented:
Please see this PDF from SuperMicro.
Please also see the vendor's website for information about this: SuperMicro FAQs
Please note: Enabling SMC RAKP will lose all information on the web UI of the product and makes it unsupported by us. Therefore we do not recommend this.The version of the IPMI can be checked on the web UI's main page or using this from the boot shell:ipmitool mc info|grep "Firmware Revision"