Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

At least 32,000 servers broadcast admin passwords in the clear, advisory warns


  • Please log in to reply
3 replies to this topic

#1 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 11,793 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:12:57 PM

Posted 20 June 2014 - 02:31 AM

 

An alarming number of servers containing motherboards manufactured by Supermicro continue to expose administrator passwords despite the release of an update that patches the critical vulnerability, an advisory published Thursday warned.

 

http://arstechnica.com/security/2014/06/at-least-32000-servers-broadcast-admin-passwords-in-the-clear-advisory-warns/



BC AdBot (Login to Remove)

 


m

#2 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:11:57 AM

Posted 20 June 2014 - 02:56 AM

If I was so inclined there's sooo much ransom money there...



#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,609 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:57 PM

Posted 20 June 2014 - 05:54 AM

Appears they need a patch for the patch.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Kilroy

Kilroy

  • BC Advisor
  • 3,284 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Launderdale, MN
  • Local time:07:57 PM

Posted 20 June 2014 - 08:16 AM

I wish these would be put into perspective.  Too often these security warnings/announcements and what not aren't a real issue once you start digging into them.

 

This is not the OS password it is the system board management password.  This is mainly an issue for Internet facing servers.  If this is an internal server it is still an issue, but someone would have to be on your network to take advantage of it.  Where I do see this as an issue since it affects Dell, HP, and other large manufacturer servers and people may not know they have a vulnerable server.  Additionally where 32,000 may sound like a large number it is nothing if you consider the number of Internet facing servers.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users