http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras/
= simple telnet commands displays passwords of BMCs. Damn Supermicro, please hire some new programmers! 
And here I was hoping it would be something useful like a vulnerability that would put BMC (the company) out of business! Don’t get my hopes up like that!
More reason that one shouldn’t make his OOB net generally accessible.