Описание
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.
Отчет
This issue did not affect the versions of OpenIPMI or freeipmi as shipped with Red Hat Enterprise Linux 5, 6, and 7.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | freeipmi | Not affected | ||
| Red Hat Enterprise Linux 5 | OpenIPMI | Not affected | ||
| Red Hat Enterprise Linux 6 | freeipmi | Not affected | ||
| Red Hat Enterprise Linux 6 | OpenIPMI | Not affected | ||
| Red Hat Enterprise Linux 7 | freeipmi | Not affected | ||
| Red Hat Enterprise Linux 7 | OpenIPMI | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5 Medium
CVSS2
Связанные уязвимости
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange P ...
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.
EPSS
5 Medium
CVSS2