CVE-2020-14156: OpenBMC Security Advisory: Network IPMI file permissions world-readable

Network IPMI before 2020-04-03 does not ensure the /etc/ipmi_pass file has strong file permissions. The /etc/ipmi_pass file was created with world-readable permission. Any user with SSH or SCP access to the BMC can read and decode the credentials and escalate to any IPMI user.[…]

(AFAICT, there is no security page that shows the various CVEs for OpenBMC. Maybe I missed it.)

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s