Administrator Password IPMI seen on port 49152
| F.A.Q. • SupportAdministrator Password IPMI seen on port 49152
The BMC controller firmware, which manages IPMI (Intelligent Platform Management Interface), is responsible for this error. IPMI allows you to remotely monitor and manage the server - for more information about IPMI, click here. In case the motherboard has outdated firmware, the BMC stores the IPMI administrator login and password in plain text.
To read them, a simple connection to port 49152 is sufficient:
nc 49152
GET /PSBlock
This problem affects users who have UPnP and IPMI enabled on a publicly accessible interface.
The IPMI administrator password is not the root/administrator password (unless they have been set the same), but having access to the server via the BMC, you can do anything with it. That's why Supermicro recommends that IPMi be on a secure network behind a firewall.
The solution to the problem is to update the IPMI firmware to the latest version. Fortunately, this is possible without interrupting the server's operation, and can be done at any time through the IPMI panel accessible via a web browser (Web Engine).
Related Pages:
- Threats Associated with Using IPMI in Publicly Accessible Networks and the Necessity of Regular Updates - IPMI Best Practices
- Linux tools - lshw, lspci, dmidecode, inxi (How to check server components?).
- IPMI Hard Reset
- Supermicro Twin product family
- How to activate SFT-OOB-LIC and SFT-DCMS-SINGLE JSON license on Supermicro motherboards with old BMC Web? SUM (Supermicro Update Manager)
- How to activate SFT-DCMS-LIC IPMI license, if SFT-OOB-LIC license is already activated and it can't be uploaded through Web GUI?
- How to Reset the Chassis Intrusion Sensor (Critical - Physical Security) on Supermicro