After creating an RMCP+ session with a successfully negotiated cipher-suite containing an integrity and/or confidentiality (encryption) algorithm (e.g. "-C2 or -C3"), if the management controller responds with non-authenticated/integrity-protected or non-encrypted IPMI/RMCP+ responses, ipmitool accepts the response as valid.
This is a security flaw in ipmitool but can only be observed with a non-conforming management controller or a malicious man-in-the-middle.
This is an old ipmitool bug, but still exists in v1.8.12.
Reported by: Rob Swindell
Original Ticket: ipmitool/bugs/139
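The missing check described in this ticket, sketched as an added example (not ipmitool's own code): it compares the encrypted and authenticated bits of the payload type byte in the IPMI v2.0 session header with what the session negotiated, and rejects weaker responses before any payload parsing. The struct, enum and function names are hypothetical, and the sample bytes are constructed; verifying the AuthCode itself and decrypting the payload remain separate steps after this check.

```c
#include <stddef.h>
#include <stdint.h>

#define RMCP_HDR_LEN        4     /* version, reserved, sequence, class */
#define AUTHTYPE_RMCP_PLUS  0x06  /* IPMI v2.0 auth type/format value */
#define PAYLOAD_ENCRYPTED   0x80  /* payload type byte, bit 7 */
#define PAYLOAD_AUTHENTIC   0x40  /* payload type byte, bit 6 */

/* Hypothetical names: what the active session negotiated. */
struct session_policy {
    int integrity;        /* e.g. HMAC-SHA1-96 in cipher suites 2 and 3 */
    int confidentiality;  /* e.g. AES-CBC-128 in cipher suite 3 */
};

enum verdict { PKT_OK = 0, PKT_MALFORMED, PKT_NOT_AUTHENTICATED, PKT_NOT_ENCRYPTED };

/* Reject an in-session response whose flags are weaker than the negotiated suite. */
enum verdict check_response_flags(const uint8_t *pkt, size_t len,
                                  const struct session_policy *pol)
{
    if (len < RMCP_HDR_LEN + 2 || pkt[RMCP_HDR_LEN] != AUTHTYPE_RMCP_PLUS)
        return PKT_MALFORMED;
    uint8_t ptype = pkt[RMCP_HDR_LEN + 1];
    if (pol->integrity && !(ptype & PAYLOAD_AUTHENTIC))
        return PKT_NOT_AUTHENTICATED;
    if (pol->confidentiality && !(ptype & PAYLOAD_ENCRYPTED))
        return PKT_NOT_ENCRYPTED;
    return PKT_OK;
}

/* Constructed sample headers (RMCP header + auth type + payload type), not captures. */
static const uint8_t plain_resp[]  = { 0x06, 0x00, 0xff, 0x07, 0x06, 0x00 };
static const uint8_t auth_resp[]   = { 0x06, 0x00, 0xff, 0x07, 0x06, 0x40 };
static const uint8_t secure_resp[] = { 0x06, 0x00, 0xff, 0x07, 0x06, 0xc0 };
static const struct session_policy suite2 = { 1, 0 };  /* integrity only */
static const struct session_policy suite3 = { 1, 1 };  /* integrity + encryption */

int main(void)
{
    /* A cleartext reply inside a suite-3 session must be dropped, not parsed. */
    enum verdict v = check_response_flags(plain_resp, sizeof plain_resp, &suite3);
    return v == PKT_NOT_AUTHENTICATED ? 0 : 1;
}
```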