1 min read

30,000 Servers May Be Exposed To Hackers

Alexandra GHEORGHE

June 20, 2014

Promo Protect all your devices, without slowing them down.
Free 30-day trial
30,000 Servers May Be Exposed To Hackers

30,000 Servers May Be Exposed To HackersA vulnerability in the Baseboard Management Controller (BMC) of Supermicro motherboards leaves 30,000 unpatched servers and their passwords available on the open market, according to Cari.net researchers.

It seems login passwords are stored in clear and the file containing them is widely available for download by connecting to a specific port. To compromise vulnerable servers, an attacker can scan the port and download the remote login passwords stored in a binary file location called “/PSBlock”.

“I discovered that Supermicro had created the password file PSBlock in plain text and left it open to the world on port 49152,” said a security researcher at CARInet Security Incident Response Team.

The researchers also revealed that more than 3,000 passwords still use the default combination, which makes them easy to guess.

Also, many systems are running older versions of the Linux kernel which can be exploited, for example, to elevate user privileges in shared hosting environments. This could allow a rogue customer to elevate his privileges and seize control of other users` files or even perform changes to the server itself to subvert it.

tags


Author


Alexandra GHEORGHE

Alexandra started writing about IT at the dawn of the decade - when an iPad was an eye-injury patch, we were minus Google+ and we all had Jobs.

View all posts

You might also like

Bookmarks


loader