module
Supermicro Onboard IPMI Static SSL Certificate Scanner
| Disclosed | Created |
|---|---|
| 11/06/2013 | 05/30/2018 |
Disclosed
11/06/2013
Created
05/30/2018
Description
This module checks for a static SSL certificate shipped with Supermicro Onboard IPMI
controllers. An attacker with access to the publicly-available firmware can perform
man-in-the-middle attacks and offline decryption of communication to the controller.
This module has been on a Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware
version SMT_X9_214.
controllers. An attacker with access to the publicly-available firmware can perform
man-in-the-middle attacks and offline decryption of communication to the controller.
This module has been on a Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware
version SMT_X9_214.
Authors
hdm juan
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use auxiliary/scanner/http/smt_ipmi_static_cert_scanner
msf /(r) > show actions
...actions...
msf /(r) > set ACTION < action-name >
msf /(r) > show options
...show and set options...
msf /(r) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.