Test ID:	1.3.6.1.4.1.25623.1.0.105923
Category:	Default Accounts
Title:	IPMI Default Credentials (IPMI Protocol) - Active Check
Summary:	It was possible to find default password/username combinations; for the Intelligent Platform Management Interface (IPMI) protocol.
Description:	Summary: It was possible to find default password/username combinations for the Intelligent Platform Management Interface (IPMI) protocol. Vulnerability Insight: Many IPMI enabled devices have set default username/password combinations. If these are not changed or disabled if opens up an easy exploitable vulnerability. Vulnerability Impact: An attacker can log into the IPMI enabled device often with privileged permissions and gain access to the host operating system. Affected Software/OS: All IPMI devices providing/using default credentials. The following is an excerpt of known tested credentials: - No CVEs: Dell iDRAC, SuperMicro BMC, IBM IMM, Fujitsu IRMC, Oracle/Sun ILOM, Asus IKVM BMC - CVE-2019-4169: IBM Open Power Firmware / OpenBMC Other devices / vendors might be affected as well. Solution: - Change the default passwords or disable the default accounts if possible - Filter traffic to UDP port 623 Please contact the vendor / consult the device manual for more information. CVSS Score: 8.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:C/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-4169 XForce ISS Database: ibm-bmc-cve20194169-info-disc (158702) https://exchange.xforce.ibmcloud.com/vulnerabilities/158702
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.