Categories: vuln, safe
IPMI 2.0 Cipher Zero Authentication Bypass Scanner. This module identifies IPMI 2.0 compatible systems that are vulnerable to an authentication bypass through the use of cipher zero.
Script arguments: vulns.short, vulns.showall (see the documentation for the vulns library).
nmap -sU --script ipmi-cipher-zero -p 623 <host>
PORT    STATE         SERVICE REASON
623/udp open|filtered unknown no-response
| ipmi-cipher-zero:
|   VULNERABLE:
|   IPMI 2.0 RAKP Cipher Zero Authentication Bypass
|     State: VULNERABLE
|     Risk factor: High
|     Description:
|
|       The issue is due to the vendor shipping their devices with the
|       cipher suite '0' (aka 'cipher zero') enabled. This allows a
|       remote attacker to authenticate to the IPMI interface using
|       an arbitrary password. The only information required is a valid
|       account, but most vendors ship with a default 'admin' account.
|       This would allow an attacker to have full control over the IPMI
|       functionality.
|
|     References:
|       http://fish2.com/ipmi/cipherzero.html
|_      https://www.us-cert.gov/ncas/alerts/TA13-207A
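For triaging results across many hosts, here is an added example (not part of the Nmap script or its documentation) that parses normal output like the above and selects hosts by the script's State field rather than by port state, since the sample output reports VULNERABLE on a port listed as open|filtered. The sample text, the helper names and the NOT VULNERABLE block (assumed to be what vulns.showall prints) are constructed for illustration.

```python
import re

# Constructed sample of Nmap normal output (not real scan data); hosts use the
# RFC 5737 documentation range. The second block assumes vulns.showall was set.
SAMPLE = """\
Nmap scan report for 192.0.2.10
PORT    STATE         SERVICE REASON
623/udp open|filtered unknown no-response
| ipmi-cipher-zero:
|   VULNERABLE:
|   IPMI 2.0 RAKP Cipher Zero Authentication Bypass
|     State: VULNERABLE
|_    Risk factor: High

Nmap scan report for 192.0.2.11
PORT    STATE SERVICE REASON
623/udp open  unknown udp-response
| ipmi-cipher-zero:
|   NOT VULNERABLE:
|_    State: NOT VULNERABLE
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+/(?:tcp|udp))\s+(\S+)")
HEADER_RE = re.compile(r"^\|[ _]([A-Za-z0-9-]+):")       # top-level script block
STATE_RE = re.compile(r"^\|[ _]\s*State:\s*(\S.*?)\s*$")  # vulns library field

def cipher_zero_findings(text):
    """Return one record per ipmi-cipher-zero block: host, port, port state, State."""
    results, host, port, rec = [], None, None, None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            host, port, rec = m.group(1), None, None
        elif m := PORT_RE.match(line):
            port, rec = m.groups(), None
        elif m := HEADER_RE.match(line):
            rec = None  # a different script's block ends ours
            if m.group(1) == "ipmi-cipher-zero" and port:
                rec = {"host": host, "port": port[0],
                       "port_state": port[1], "state": None}
                results.append(rec)
        elif rec is not None and (m := STATE_RE.match(line)):
            rec["state"] = m.group(1)
    return results

def vulnerable(text):
    """Keep blocks whose State starts with VULNERABLE, whatever the port state."""
    return [r for r in cipher_zero_findings(text)
            if (r["state"] or "").startswith("VULNERABLE")]
```

Matching on the start of the State value keeps a NOT VULNERABLE result from being counted, which a plain substring search for "VULNERABLE" would not.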
License: Same as Nmap--See https://nmap.org/book/man-legal.html