A vulnerability in the Baseboard Management Controller (BMC) of Supermicro motherboards leaves 30,000 unpatched servers and their passwords available on the open market, according to Cari.net researchers.
It seems login passwords are stored in clear and the file containing them is widely available for download by connecting to a specific port. To compromise vulnerable servers, an attacker can scan the port and download the remote login passwords stored in a binary file location called â€œ/PSBlockâ€.
â€œI discovered that Supermicro had created the password file PSBlock in plain text and left it open to the world on port 49152,â€ said a security researcher at CARInet Security Incident Response Team.
The researchers also revealed that more than 3,000 passwords still use the default combination, which makes them easy to guess.
Also, many systems are running older versions of the Linux kernel which can be exploited, for example, to elevate user privileges in shared hosting environments. This could allow a rogue customer to elevate his privileges and seize control of other usersâ€™ files or even perform changes to the server itself to subvert it.