An update had been released for thousands of Supermicro’s servers that was supposed to fix a major vulnerability, but a new advisory shows that those servers are just as vulnerable now. As many as 32,000 servers from the company can be easily exploited, and admin passwords can be accessed by someone with very little knowledge.
Since many servers remain unpatched despite Supermicro’s efforts, a scan for port 49152 reveals the vulnerable systems. With that scan, CARInet says, it is easy to count how many servers are still affected and which ones are open to exploitation.
“This means at the point of this writing, there are 31,964 systems that have their passwords available on the open market,” wrote Zachary Wikholm, a security engineer with CARInet. “It gets a bit scarier when you review some of the password statistics. Out of those passwords, 3,296 are the default combination. Since I’m not comfortable providing too much password information, I will just say that there exists a subset of this data that either contains or just was ‘password.’”
The CARInet report is concerning for several reasons. Patches are not always applied in a timely manner, but it is still disturbing to see a patch for a flaw this serious go unused. Perhaps even more disturbing, though, are the passwords actually in use on these servers. When a server can be accessed with something as simple as “password”, there is nothing secure about the system at all.
Via [Ars Technica]