Categories: vuln, safe
IPMI 2.0 Cipher Zero Authentication Bypass Scanner. This module identifies IPMI 2.0 compatible systems that are vulnerable to an authentication bypass through the use of cipher zero.
Script arguments: vulns.short, vulns.showall. See the documentation for the vulns library.
nmap -sU --script ipmi-cipher-zero -p 623 <host>
PORT    STATE         SERVICE REASON
623/udp open|filtered unknown no-response
| ipmi-cipher-zero:
|   VULNERABLE:
|   IPMI 2.0 RAKP Cipher Zero Authentication Bypass
|     State: VULNERABLE
|     Risk factor: High
|     Description:
|
|       The issue is due to the vendor shipping their devices with the
|       cipher suite '0' (aka 'cipher zero') enabled. This allows a
|       remote attacker to authenticate to the IPMI interface using
|       an arbitrary password. The only information required is a valid
|       account, but most vendors ship with a default 'admin' account.
|       This would allow an attacker to have full control over the IPMI
|       functionality.
|
|     References:
|       http://fish2.com/ipmi/cipherzero.html
|       http://osvdb.org/show/osvdb/93039
|_      http://osvdb.org/show/osvdb/93040
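A triage helper for the output above, added here as an example and not part of the Nmap script or its documentation: it reads normal-format scan output and lists the hosts whose ipmi-cipher-zero block reports a VULNERABLE state, without miscounting the NOT VULNERABLE entries that vulns.showall adds to the report. The sample report, the host addresses and the function names are constructed for illustration.

```python
import re
# Constructed sample of -oN output from a run with --script-args vulns.showall.
SAMPLE = """\
Nmap scan report for 192.0.2.10
PORT    STATE         SERVICE REASON
623/udp open|filtered unknown no-response
| ipmi-cipher-zero:
|   VULNERABLE:
|   IPMI 2.0 RAKP Cipher Zero Authentication Bypass
|     State: VULNERABLE
|_    Risk factor: High
Nmap scan report for bmc2.example.test (192.0.2.11)
PORT    STATE         SERVICE REASON
623/udp open|filtered unknown no-response
| ipmi-cipher-zero:
|   NOT VULNERABLE:
|   IPMI 2.0 RAKP Cipher Zero Authentication Bypass
|_    State: NOT VULNERABLE
Nmap scan report for 192.0.2.12
PORT    STATE  SERVICE REASON
623/udp closed unknown port-unreach
"""

HOST = re.compile(r"^Nmap scan report for (.+)$")
SCRIPT = re.compile(r"^\|[_ ]([\w-]+):")      # script header, e.g. "| name:"
STATE = re.compile(r"^\|_?\s+State: (.+?)\s*$")

def cipher_zero_states(report):
    """Map each host to its ipmi-cipher-zero State (None if no result)."""
    results, host, in_block = {}, None, False
    for line in report.splitlines():
        host_m, script_m = HOST.match(line), SCRIPT.match(line)
        if host_m:
            host, in_block = host_m.group(1), False
            results[host] = None
        elif script_m:
            in_block = script_m.group(1) == "ipmi-cipher-zero"
        elif in_block and host is not None:
            state_m = STATE.match(line)
            if state_m:
                results[host] = state_m.group(1)
            if line.startswith("|_") or not line.startswith("|"):  # block ends
                in_block = False
    return results

def vulnerable_hosts(report):
    """Hosts whose State starts with VULNERABLE, so NOT VULNERABLE is excluded."""
    states = cipher_zero_states(report)
    return sorted(h for h, s in states.items() if s and s.startswith("VULNERABLE"))
```

A plain substring search for "VULNERABLE" would also flag the second host in the sample, which is why the helper compares the start of the State value instead.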
License: Same as Nmap--See https://nmap.org/book/man-legal.html