It was found that RAKP protocol as used in IPMI 2.0 specification allows remote attackers to obtain HMAC IPMI password hash that can be cracked offline. External References: http://fish2.com/ipmi/remote-pw-cracking.html https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi
Created OpenIPMI tracking bugs for this issue: Affects: fedora-all [bug 1326639]
Created freeipmi tracking bugs for this issue: Affects: fedora-all [bug 1326640]
I'm not sure what are we supposed to do here? This is an issue in hardware. It is (the firmware in the) BMC controller that sends the RAKP 2 message. We do not send the message in any of the specified software. We just receive it. Also, the BMC firmware just follows the (faulty) specification and its firmware would have to be updated alongside the IPMI specs to fix this issue. -> I'm inclined to close these bugs as CANTFIX or NOTABUG
Statement: This issue did not affect the versions of OpenIPMI or freeipmi as shipped with Red Hat Enterprise Linux 5, 6, and 7.