CARISIRT: Yet Another BMC Vulnerability

http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras/

= simple telnet commands displays passwords of BMCs. Damn Supermicro, please hire some new programmers! :frowning:

And here I was hoping it would be something useful like a vulnerability that would put BMC (the company) out of business! Don’t get my hopes up like that!

More reason that one shouldn’t make his OOB net generally accessible.