Security issue on IPMI v 2.0

  • 5 March 2020
  • 0 replies

Userlevel 4
Badge +2

IPMI version 2.0 is susceptible to exploitation that allows an attacker to obtain password hash information.


The vulnerability scan on the environment can give the below sample output:- 

Synopsis :

The remote host supports IPMI version 2.0.

Description :

The remote host supports IPMI v2.0. The Intelligent Platform Management Interface (IPMI) protocol is affected by an information disclosure vulnerability due to the support of RMCP+ Authenticated Key Exchange Protocol (RAKP) authentication. A remote attacker can obtain password hash information for valid user accounts via the HMAC from a RAKP message 2 response from a BMC.


To know the IPMI version on the host, login into the host, run the command for checking BMC version and you’ll get an output similar to:- 

Device ID                 : 32
Device Revision           : 1
Firmware Revision         : 3.63
IPMI Version              : 2.0 <<== IPMI version
Manufacturer ID           : xxxxx
Manufacturer Name         : Supermicro


To know how to retrieve the BMC version, check out the post:-


To know more about how to mitigate/apply solutions to pass the vulnerability scan, take a look at

This topic has been closed for comments