Home page logo
/
Zenmap screenshot
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
Example Nmap output

File ipmi-cipher-zero

Script types: portrule
Categories: vuln, safe
Download: https://svn.nmap.org/nmap/scripts/ipmi-cipher-zero.nse

User Summary

IPMI 2.0 Cipher Zero Authentication Bypass Scanner. This module identifies IPMI 2.0 compatible systems that are vulnerable to an authentication bypass vulnerability through the use of cipher zero.

Script Arguments

vulns.short, vulns.showall

See the documentation for the vulns library.

Example Usage

nmap -sU --script ipmi-cipher-zero -p 623 <host>

Script Output

PORT      STATE         SERVICE REASON
623/udp open|filtered unknown no-response
| ipmi-cipher-zero:
|   VULNERABLE:
|   IPMI 2.0 RAKP Cipher Zero Authentication Bypass
|     State: VULNERABLE
|     Risk factor: High
|     Description:
|
|       The issue is due to the vendor shipping their devices with the
|       cipher suite '0' (aka 'cipher zero') enabled. This allows a
|       remote attacker to authenticate to the IPMI interface using
|       an arbitrary password. The only information required is a valid
|       account, but most vendors ship with a default 'admin' account.
|       This would allow an attacker to have full control over the IPMI
|       functionality.
|
|     References:
|       http://fish2.com/ipmi/cipherzero.html
|       http://osvdb.org/show/osvdb/93039
|_      http://osvdb.org/show/osvdb/93040

Requires


Author:

  • Claudiu Perta <claudiu.perta@gmail.com>

License: Same as Nmap--See https://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]